Model Based Testing for WS


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Model Based Testing for WS

  2. 2. IN THE NEXT FEW MINUTES…… <ul><li>What is Model Based Testing? </li></ul><ul><li>SOA Overview </li></ul><ul><li>Applying MBT to test Web Services </li></ul><ul><ul><li>Tools </li></ul></ul>
  3. 3. What is Model-Based Testing (MBT) ? <ul><li>“ Model-Based Testing is the automatic generation of efficient test procedures/vectors using models of system requirements and specified functionality.” </li></ul><ul><li>- Software Acquisition Gold Practice </li></ul>
  4. 4. Generic Process of Model-Based Testing <ul><li>Determining the requirements of the system </li></ul><ul><li>Building the model </li></ul><ul><li>Creating the Abstract Test Suite </li></ul><ul><li>Running the test scripts </li></ul><ul><li>Analyzing the results </li></ul><ul><li>Determining further actions </li></ul>
  5. 6. Why MBT? <ul><li>Shorter development cycle </li></ul><ul><li>Cost-efficient </li></ul><ul><li>Generation of quality products </li></ul><ul><li>Flaws and ambiguities in the specification are relatively easy to identify </li></ul><ul><li>One of the most important perceived benefit is of automated test generation </li></ul>
  6. 7. What are Web Services? <ul><li>“ Web services as self-describing, modular applications that can be published, located and invoked across the web.” </li></ul><ul><li>- IBM </li></ul>
  7. 8. Web Service Architecture or Service Oriented Architecture (SOA)‏
  8. 9. Issues with WS Testing <ul><li>Lack of code availability </li></ul><ul><li>Dynamic nature of web services </li></ul><ul><li>Platform independence of web services </li></ul><ul><li>Cost considerations </li></ul>
  9. 10. Applying MBT to test WS <ul><li>Why? </li></ul><ul><ul><li>Source code is hidden </li></ul></ul><ul><ul><li>Only Black box techniques can be applied </li></ul></ul><ul><ul><li>Answer to the first three issues on the previous slide </li></ul></ul><ul><li>How? </li></ul>
  10. 11. Generic WS Testing Framework Web Service Testing Framework (Tarhini and group, IICS 2005)‏
  11. 12. Four Steps of the Model <ul><li>Search the UDDI registry for candidate web services </li></ul><ul><ul><ul><li>Match? </li></ul></ul></ul><ul><li>Connect to the web service’s site </li></ul><ul><li>Test it as a stand-alone component </li></ul><ul><li>Test it as a part of the web component based system under consideration </li></ul>
  12. 13. Testing Conversations Between a Client and a WS <ul><li>Approaches with increasing level of detail </li></ul><ul><ul><li>Testing a Single Input Interface </li></ul></ul><ul><ul><li>Testing a Single Port </li></ul></ul><ul><ul><li>Testing a Single Port Comprising Data </li></ul></ul>- Lars Frantzen and group (WS-MaTe 2006)‏
  13. 14. STS Model <ul><li>Symbolic Transition Model – a variant of state machine model. </li></ul><ul><li>Has states and labeled transitions which model actions, i.e. Inputs and Outputs, of the system. </li></ul><ul><li>States and transitions can be parameterized with variables, with predicates serving as guards for the transition so that state explosion can be avoided. </li></ul><ul><li>Use STS to model and test the conversation between a client and a WS. </li></ul>
  14. 15. Testing a specific port STS Diagram‏
  15. 16. Testing a specific port comprising data STS Diagram‏
  16. 17. Jambition tool for testing WS <ul><li>It takes a WSDL and an SSM specification of a Web Service as an input. </li></ul><ul><li>Based on these it fully and automatically generates invocations to the Web Service </li></ul><ul><li>Receives the returned messages </li></ul><ul><li>Checks if this data is conforming to the SSM specification. </li></ul>- Lars Frantzen (2007)‏
  17. 18. Service State Machines (SSM)‏ <ul><li>Dedicated variant of state machines which is especially useful for Model-Based Testing </li></ul><ul><li>Constrains the data as it is passed via the operations </li></ul><ul><li>Gives a legal ordering of the invocations of operations. </li></ul>
  18. 19. Tool Architecture
  19. 20. MBT of specific aspects of Web Services
  20. 21. Performance Testing Performance testing is a technique where synthetic workloads are submitted to a system under study within a controlled environment. The behavior of the system under this work load is compared with the expected workload
  21. 22. Model Based Performance Testing <ul><li>What do we model? </li></ul><ul><li>Model the expected work load of the system/service </li></ul><ul><li>The workload of a Web-based system has to be characterized in terms of sessions; a session being a sequence of requests submitted by a single user. </li></ul><ul><li>The requests exhibit following dependencies </li></ul><ul><li>1.Inter request dependencies 2.Data Dependencies. </li></ul><ul><li>Data dependencies govern the choice of values of parameters in the request. </li></ul><ul><li>Requests depend on the responses of earlier requests in a session. This is Inter request dependencies. </li></ul>
  22. 23. <ul><li>Synthetic workloads are generated from the workload model and application model. </li></ul><ul><li>A workload model specifies statistical characterizations for a set of workload attributes that are expected to affect performance the most. </li></ul><ul><li>The application model can be used to obtain a large set of valid request sequences representing how users typically interact with the application. </li></ul><ul><li>The sequence generator uses the model to produce a large trace containing valid sequences of request types. Each valid sequence of request types as a sessionlet . </li></ul><ul><li>Trace generation produce s a trace of sessions that can be submitted to a system under study. </li></ul><ul><li>The sessions produced by the trace generator and the specified session inter-arrival time distribution constitute the synthetic workload. </li></ul><ul><li>  </li></ul><ul><li>  </li></ul>
  23. 24. - [Ref] A Model-Based Approach for Testing the Performance of Web Applications. Mahnaz Shams, Diwakar Krishnamurthy, Behrouz Far
  24. 25. Security Testing: <ul><li>Testing the web service for </li></ul><ul><li>Integrity. </li></ul><ul><li>Illegal access. </li></ul><ul><li>Authorization. </li></ul><ul><li>Availability. </li></ul><ul><li>Non-Repudiation. </li></ul>
  25. 26. A Model For Testing Access Control of Web Services <ul><li>Model identifies the following terms: </li></ul><ul><li>P A  Security policy for access control. </li></ul><ul><li>P I  Policy for interaction control. </li></ul><ul><li>The policy for access control is used for making decision about usage of all web services offered by the partner. </li></ul><ul><li>The policy for interaction control is used to decide which credentials must be additionally provided or must be revoked by the user if those available are not adequate to obtain the service. </li></ul><ul><li>H  History of past requests and services used by the user. </li></ul><ul><li>C P Set of presented credentials . </li></ul><ul><li>C R Set of revocable credential. </li></ul><ul><li>R Service Request. </li></ul>
  26. 27. <ul><li>To specify how the access control decision is made we define following terms:   </li></ul><ul><li>Deduction: Determines whether f is a logical consequence of F, F ->f. </li></ul><ul><li>Consistency: determines whether F is consistent, F-> ┴ </li></ul><ul><li>Abduction: Given an additional set of atoms A called the abductible atoms, and a partial order relation ϕ between subsets of A determine a set of atoms E is subset of A such that </li></ul><ul><li>(i) f is a logical consequence of F and E, namely F U E-> f. </li></ul><ul><li>(ii) adding E to F does not generate an inconsistency, namely F U E ->┴, and finally </li></ul><ul><li>(iii) E is a minimal subset of A having this property </li></ul><ul><li>  </li></ul>
  27. 28. Model for Decision Making   1. Remove the revoked credentials from the set of active credentials. 2. Verify the consistency of the request with the active set of credentials and the history of execution, namely P A U H U C A U {r} ->┴ 3. If this check succeeds goes to the next step, otherwise (a) Derive a subset of excessive credentials that must be revoked by the user CE is subset of CA such that the set CE is minimal. (b) If no such set exists then ┴ is sent back to the user (c) If it exists, this set is sent back to the user and the process is re-iterated. 4. Verify that the request is a logical consequence of the credentials, namely P A U H U C A -> r. 5. If this check succeeds then access is granted. 6. If the step fails (a) Use abduction to find a minimal set of missing credentials C M such that both P A U H U C A U C M -> r and P A U H U C A U C M ┴. (b) If this set exists then C M is sent back to the client and the process re-iterates. (c) If it does not exists then. if no such set does exist then ┴ is sent back to the user.   When the request is granted the appropriate grounding of suitable history predicates are added to H. -[Ref] A Logical Model for Security of Web Services Hristo Koshutanski and Fabio Massacci
  28. 29. Service Composition Testing <ul><li>Identify parts of the composition process flow that have been implemented incorrectly. </li></ul><ul><li>Workflow scenarios of the composition are constructed using message sequence charts. </li></ul><ul><li>Model checking tool to interactively verify the workflow behavior. </li></ul><ul><li>These models can then be used to check BPEL4WS implementations. </li></ul>
  29. 30. Terms that are going to be used. <ul><li>LTSA - Labeled Transition System Analyzer . </li></ul><ul><li>Tool which provides a means to construct and analyze complex models of finite state process specifications. </li></ul><ul><li>MSC- Message sequence chart extensions to easily model workflow scenarios. </li></ul><ul><li>Finite State Processes (FSP)is a textual notation for concisely describing concurrent programs. </li></ul><ul><li>BPEL 4 WS : Business Process Execution Language for web services </li></ul>
  30. 31. Model Based Verification Architecture - [Ref] Model-based Verification of Web Service Compositions Howard Foster, Sebastian Uchitel, Jeff Magee, Jeff Kramer
  31. 32. - [Ref] LTSA-WS: A Tool for Model-Based Verification of Web Service Compositions and Choreography Howard Foster, Sebastian Uchitel, Jeff Magee, Jeff Kramer
  32. 33. Other Aspects to be tested: <ul><li>Speed </li></ul><ul><li>Interoperability </li></ul><ul><li>Functionality </li></ul><ul><li>Reliability </li></ul><ul><li>Safety </li></ul>
  33. 34. Questions