US NIST updates its Automated Combinatorial Testing for Software (ACTS) research toolkit that should help experts in finding bugs in complex safety-critical applications.

US NIST announced updated for its Automated Combinatorial Testing for Software (ACTS) research toolkit that should allow developers easily spot software errors in complex safety-critical applications.

The ACTS toolkit allows development teams to check their products correctly respond to simultaneous inputs that could trigger security vulnerabilities.

The toolkit, developed by researchers from NIST along with the University of Texas at Arlington, Adobe, and SBA Research, the research center for information security in Austria, is particularly useful for testing large and complex systems with thousands of input variables.

The NIST announced that the ACTS toolkit now includes an updated version of Combinatorial Coverage Measurement (CCM), a tool that should help improve safety as well as reduce software costs.

The improvements should help developers to improve the safety of their systems and to reduce development costs.

“Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly,” wrote NIST mathematician Raghu Kacker. “That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because it’s not just highly configurable, it’s also life critical. People’s lives and health are depending on it.”

The early version of the NIST tools was able to handle software that had a few hundred input variables. Another tool developed by the SBA Research could be used to analyze software that has up to 2,000 input variable . This latter tool could generate a test suite for up to five-way combinations of input variables.

“The two tools can be used in a complementary fashion: While the NIST software can measure the coverage of input combinations, the SBA algorithm can extend coverage to thousands of variables.” added

Kacker.

Even is the SBA Research algorithm was not yet integrated into the ACTS toolkit, the team plans to include it in the future. Waiting for the integration, NIST will make the algorithm available to any developer who requests it.

Pierluigi Paganini

( SecurityAffairs – ACTS toolkit , NIST)

Share this...

Linkedin Reddit Pinterest

Share On