US NIST updates its Automated Combinatorial Testing for Software (ACTS) research toolkit that should help experts in finding bugs in complex safety-critical applications.
US NIST announced updated for its Automated Combinatorial Testing for Software (ACTS) research toolkit that should allow developers easily spot software errors in complex safety-critical applications.
The ACTS toolkit allows development teams to check their products correctly respond to simultaneous inputs that could trigger security vulnerabilities.
The toolkit, developed by researchers from NIST along with the University of Texas at Arlington, Adobe, and SBA Research, the research center for information security in Austria, is particularly useful for testing large and complex systems with thousands of input variables.
The NIST announced that the ACTS toolkit now includes an updated version of Combinatorial Coverage Measurement (CCM), a tool that should help improve safety as well as reduce software costs.
The improvements should help developers to improve the safety of their systems and to reduce development costs.
“Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly,” wrote NIST mathematician Raghu Kacker. “That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because it’s not just highly configurable, it’s also life critical. People’s lives and health are depending on it.”
The early version of the NIST tools was able to handle software that had a few hundred input variables. Another tool developed by the SBA Research could be used to analyze software that has up to 2,000 input variable. This latter tool could generate a test suite for up to five-way combinations of input variables.
“The two tools can be used in a complementary fashion: While the NIST software can measure the coverage of input combinations, the SBA algorithm can extend coverage to thousands of variables.” added Kacker.
Even is the SBA Research algorithm was not yet integrated into the ACTS toolkit, the team plans to include it in the future. Waiting for the integration, NIST will make the algorithm available to any developer who requests it.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.