Model Based Testing for WS
BY AMIT KANITKAR & PRAVEEN GORTHY
IN THE NEXT FEW MINUTES……
What is Model Based Testing?
SOA Overview
Applying MBT to test Web Services
Tools
What is Model-Based Testing (MBT)?
“Model-Based Testing is the automatic generation of efficient test procedures/vectors using models of system requirements and specified functionality.”
- Software Acquisition Gold Practice
Generic Process of Model-Based Testing
Determining the requirements of the system
Building the model
Creating the Abstract Test Suite
Running the test scripts
Analyzing the results
Determining further actions
Why MBT?
Shorter development cycle
Cost-efficient
Generation of quality products
Flaws and ambiguities in the specification are relatively easy to identify
One of the most important perceived benefits is automated test generation
What are Web Services?
“Web services as self-describing, modular applications that can be published, located and invoked across the web.”
- IBM
Web Service Architecture or Service Oriented Architecture (SOA)
Issues with WS Testing
Lack of code availability
Dynamic nature of web services
Platform independence of web services
Cost considerations
Applying MBT to test WS
Why?
Source code is hidden
Only black-box techniques can be applied
Answer to the first three issues on the previous slide
How?
Generic WS Testing Framework
Web Service Testing Framework (Tarhini and group, IICS 2005)
Four Steps of the Model
Search the UDDI registry for candidate web services
Match?
Connect to the web service’s site
Test it as a stand-alone component
Test it as a part of the web component based system under consideration
Testing Conversations Between a Client and a WS
Approaches with increasing level of detail
Testing a Single Input Interface
Testing a Single Port
Testing a Single Port Comprising Data
- Lars Frantzen and group (WS-MaTe 2006)
STS Model
Symbolic Transition Model – a variant of state machine model.
Has states and labeled transitions which model actions, i.e. inputs and outputs, of the system.
States and transitions can be parameterized with variables, with predicates serving as guards for the transition so that state explosion can be avoided.
Use STS to model and test the conversation between a client and a WS.
Testing a specific port
STS Diagram
Testing a specific port comprising data
STS Diagram
Jambition tool for testing WS
It takes a WSDL and an SSM specification of a Web Service as an input.
Based on these it fully and automatically generates invocations to the Web Service
Receives the returned messages
Checks whether this data conforms to the SSM specification.
- Lars Frantzen (2007)
Service State Machines (SSM)
Dedicated variant of state machines which is especially useful for Model-Based Testing
Constrains the data as it is passed via the operations
Gives a legal ordering of the invocations of operations.
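The STS and SSM slides above describe guarded, parameterized transitions that fix both the legal ordering of operations and the data they carry. The following Python sketch is an added example, not part of the original slides and not Jambition's code or input format; the cart service, its operation names and the verdict strings are hypothetical.

```python
# Each transition: (source, label, guard, update, target).
# "?op" is an input sent to the service, "!op" an output it returns.
# One variable `count` replaces a separate state per cart size.
STS = [
    ("idle", "?openCart", lambda v, m: True,
     lambda v, m: {"count": 0}, "open"),
    ("open", "?addItem", lambda v, m: m["qty"] > 0,
     lambda v, m: {**v, "pending": m["qty"]}, "adding"),
    ("adding", "!itemAdded", lambda v, m: m["count"] == v["count"] + v["pending"],
     lambda v, m: {"count": m["count"]}, "open"),
    ("open", "?checkout", lambda v, m: v["count"] > 0,
     lambda v, m: v, "paying"),
    ("paying", "!receipt", lambda v, m: m["items"] == v["count"],
     lambda v, m: v, "idle"),
]

def check(sts, trace, state="idle"):
    """Replay an observed conversation; return (verdict, index of first bad step)."""
    variables = {}
    for i, (label, msg) in enumerate(trace):
        enabled = [t for t in sts
                   if t[0] == state and t[1] == label and t[2](variables, msg)]
        if not enabled:
            # A disallowed output is a fault of the service under test;
            # a disallowed input means the tester left the model.
            return ("fail" if label.startswith("!") else "invalid-input", i)
        _, _, _, update, state = enabled[0]
        variables = update(variables, msg)
    return ("pass", None)

# Constructed conversations: GOOD conforms, BAD_DATA returns a wrong count.
GOOD = [("?openCart", {}), ("?addItem", {"qty": 2}), ("!itemAdded", {"count": 2}),
        ("?addItem", {"qty": 3}), ("!itemAdded", {"count": 5}),
        ("?checkout", {}), ("!receipt", {"items": 5})]
BAD_DATA = GOOD[:4] + [("!itemAdded", {"count": 4})]
```

A wrong value in a returned message and an output arriving in the wrong state both yield the `fail` verdict, which is the data constraint and the ordering constraint of the SSM slide checked by the same replay loop.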
Tool Architecture
MBT of specific aspects of Web Services
Performance Testing
Performance testing is a technique where synthetic workloads are submitted to a system under study within a controlled environment. The behavior of the system under this workload is compared with the expected workload.
Model Based Performance Testing
What do we model?
Model the expected workload of the system/service.
The workload of a Web-based system has to be characterized in terms of sessions; a session being a sequence of requests submitted by a single user.
The requests exhibit the following dependencies:
1. Inter-request dependencies
2. Data dependencies
Data dependencies govern the choice of values of parameters in the request.
Requests depend on the responses of earlier requests in a session. These are inter-request dependencies.
Synthetic workloads are generated from the workload model and application model.
A workload model specifies statistical characterizations for a set of workload attributes that are expected to affect performance the most.
The application model can be used to obtain a large set of valid request sequences representing how users typically interact with the application.
The sequence generator uses the model to produce a large trace containing valid sequences of request types. Each valid sequence of request types is referred to as a sessionlet.
Trace generation produces a trace of sessions that can be submitted to a system under study.
The sessions produced by the trace generator and the specified session inter-arrival time distribution constitute the synthetic workload.
- [Ref] A Model-Based Approach for Testing the Performance of Web Applications. Mahnaz Shams, Diwakar Krishnamurthy, Behrouz Far
Security Testing:
Testing the web service for:
Integrity
Illegal access
Authorization
Availability
Non-Repudiation
A Model For Testing Access Control of Web Services
Model identifies the following terms:
PA: Security policy for access control.
PI: Policy for interaction control.
The policy for access control is used for making decisions about usage of all web services offered by the partner.
The policy for interaction control is used to decide which credentials must be additionally provided or must be revoked by the user if those available are not adequate to obtain the service.
H: History of past requests and services used by the user.
CP: Set of presented credentials.
CR: Set of revocable credentials.
R: Service request.
To specify how the access control decision is made we define the following terms:
Deduction: determines whether f is a logical consequence of F, namely F → f.
Consistency: determines whether F is consistent, namely F ↛ ⊥.
Abduction: given an additional set of atoms A called the abducible atoms, and a partial order relation ϕ between subsets of A, determine a set of atoms E ⊆ A such that
(i) f is a logical consequence of F and E, namely F ∪ E → f,
(ii) adding E to F does not generate an inconsistency, namely F ∪ E ↛ ⊥, and finally
(iii) E is a minimal subset of A having this property.
Model for Decision Making
1. Remove the revoked credentials from the set of active credentials.
2. Verify the consistency of the request with the active set of credentials and the history of execution, namely PA ∪ H ∪ CA ∪ {r} ↛ ⊥.
3. If this check succeeds, go to the next step; otherwise
(a) Derive a subset of excessive credentials that must be revoked by the user, CE ⊆ CA, such that the set CE is minimal.
(b) If no such set exists then ⊥ is sent back to the user.
(c) If it exists, this set is sent back to the user and the process is re-iterated.
4. Verify that the request is a logical consequence of the credentials, namely PA ∪ H ∪ CA → r.
5. If this check succeeds then access is granted.
6. If the step fails
(a) Use abduction to find a minimal set of missing credentials CM such that both PA ∪ H ∪ CA ∪ CM → r and PA ∪ H ∪ CA ∪ CM ↛ ⊥.
(b) If this set exists then CM is sent back to the client and the process re-iterates.
(c) If no such set exists then ⊥ is sent back to the user.
When the request is granted, the appropriate groundings of suitable history predicates are added to H.
-[Ref] A Logical Model for Security of Web Services Hristo Koshutanski and Fabio Massacci
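The six decision steps above, as an added Python example (not code from the slides or from the cited paper). Assumptions: the policy is a constructed set of Horn rules, every atom name is hypothetical, and the partial order used for minimality is taken to be subset size.

```python
from itertools import combinations

BOTTOM = "⊥"  # inconsistency atom

# Constructed partner policy PA as Horn rules (head, body); rules whose head
# is BOTTOM are integrity constraints. All atom names are hypothetical.
POLICY = [
    ("read_report", ["employee_id"]),
    ("approve_order", ["employee_id", "manager_cert"]),
    (BOTTOM, ["approve_order", "auditor_cert"]),       # auditors may not approve
    (BOTTOM, ["approve_order", "used_submit_order"]),  # separation of duty via H
]
ABDUCIBLES = {"employee_id", "manager_cert", "auditor_cert"}

def closure(rules, facts):
    """Deduction: forward-chain to every atom that follows from facts."""
    known, changed = set(facts), True
    while changed:
        changed = False
        for head, body in rules:
            if head not in known and set(body) <= known:
                known.add(head)
                changed = True
    return known

def consistent(rules, facts):
    return BOTTOM not in closure(rules, facts)

def minimal(atoms, ok):
    """Smallest subset of atoms (by size, then name) satisfying ok, else None."""
    for k in range(len(atoms) + 1):
        for subset in combinations(sorted(atoms), k):
            if ok(set(subset)):
                return set(subset)
    return None

def decide(policy, history, presented, revoked, request, abducibles):
    active = set(presented) - set(revoked)                       # step 1
    h = set(history)
    if not consistent(policy, h | active | {request}):           # step 2
        excess = minimal(active, lambda ce: consistent(
            policy, h | (active - ce) | {request}))              # step 3(a)
        return ("revoke", excess) if excess else ("deny", None)  # step 3(b)/(c)
    if request in closure(policy, h | active):                   # step 4
        return ("grant", None)                                   # step 5
    def explains(cm):                                            # step 6(a)
        facts = h | active | cm
        return request in closure(policy, facts) and consistent(policy, facts)
    missing = minimal(set(abducibles) - active, explains)
    return ("ask", missing) if missing else ("deny", None)       # step 6(b)/(c)
```

On a `grant` verdict the caller is expected to add the corresponding history atom to H before the next request, which is how the separation-of-duty constraint later takes effect.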
Service Composition Testing
Identify parts of the composition process flow that have been implemented incorrectly.
Workflow scenarios of the composition are constructed using message sequence charts.
Model checking tool to interactively verify the workflow behavior.
These models can then be used to check BPEL4WS implementations.
Terms that are going to be used.
LTSA - Labeled Transition System Analyzer. Tool which provides a means to construct and analyze complex models of finite state process specifications.
MSC - Message sequence chart extensions to easily model workflow scenarios.
Finite State Processes (FSP) is a textual notation for concisely describing concurrent programs.
BPEL4WS: Business Process Execution Language for web services
Model Based Verification Architecture
- [Ref] Model-based Verification of Web Service Compositions Howard Foster, Sebastian Uchitel, Jeff Magee, Jeff Kramer
- [Ref] LTSA-WS: A Tool for Model-Based Verification of Web Service Compositions and Choreography Howard Foster, Sebastian Uchitel, Jeff Magee, Jeff Kramer
Other Aspects to be tested:
Speed
Interoperability
Functionality
Reliability
Safety
Questions