ISSN 1007-0214 02/13 pp429-441
Volume 19, Number 5, October 2014
Jinfu Chen, Huanhuan Wang, Dave Towey, Chengying Mao, Rubing Huang, and Yongzhao Zhan
Abstract: The growing popularity and application of Web services have led to increased attention regarding the
vulnerability of software based on these services. Vulnerability testing examines the trustworthiness and reduces
the security risks of software systems. This paper proposes a worst-input mutation approach for testing Web
service vulnerability based on Simple Object Access Protocol (SOAP) messages. Based on characteristics of
SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite.
The corresponding automatic test case generation algorithm, namely, the Test Case generation based on the
Farthest Neighbor (TCFN), is also presented. The method involves partitioning the input domain into sub-domains
according to the number and type of SOAP message parameters in the TCFN, selecting the candidate test case
whose distance is the farthest from all executed test cases, and applying it to test the Web service. We also
implement and describe a prototype Web service vulnerability testing tool. The tool was applied to the testing of
Web services on the Internet. The experimental results show that the proposed approach can find more vulnerability
faults than other related approaches.
Key words: security testing; Web service vulnerability; SOAP message; test case generation; mutation operator
the testing process; (2) the fact that only simple performance and access testing have been performed; and (3) the fact that the approaches used in Simple Object Access Protocol (SOAP) message mutations are not optimal, with most studies to date being based on Web Services Definition Language (WSDL) specifications and Extensible Markup Language (XML) documents and few using SOAP messages. A Web service, whose structure and source codes are not visible to the client, is located on the service provider’s site, making research into its vulnerability challenging. Web service vulnerability refers to flaws in the service that threaten the security of the computer system, for example, memory leaks, buffer overflows, and cross-boundary access (where memory variables access areas outside their defined scope). Some types of Web service vulnerability faults might not be effectively revealed by traditional testing approaches, including memory security faults, which are often triggered by illegal parameter values; and arithmetic security faults, which are often caused by parameter interaction such as dividing by zero and out-of-range operand values.

To address the issue of testing Web service vulnerability, we propose an approach based on SOAP message mutation and the worst-input technique. The worst-input mutation method, which uses characteristics of SOAP messages, is presented in detail in this paper. The corresponding automatic test case generation algorithm, namely, the Test Case generation based on the Farthest Neighbor (TCFN), is also discussed. The method involves partitioning the input domain into sub-domains according to the number and type of SOAP message parameters in the TCFN and then selecting the candidate test case whose distance is the farthest from all executed test cases and applying it to test the Web service. Finally, a prototype Web service vulnerability testing tool is implemented and applied to a number of real Web services. Experimental results show that the proposed approach is both effective and practical.

The main contributions of this paper are as follows:
- We propose a set of mutation operators that can automatically mutate Web service SOAP messages based on security rules and message parameter types.
- Using the farthest neighbor concept, we propose a worst-input mutation method to test Web service vulnerability and present test case generation algorithms based on the number and type of SOAP message parameters.
- We implement the proposed approach in a Web Service Vulnerability Testing System (WSVTS) tool, which we further evaluate through comparison with other Web service testing approaches. The results show that, in most cases, the proposed approach can detect more faults than other approaches.

2 Related Work

Currently, research on Web service vulnerability testing remains limited, with studies focusing mainly on functionality testing[2, 5, 6], reliability analysis[3], data perturbation[7-9], and Web service rule mutation[10-12]. Takase and Tajima[2] proposed an approach to the functional testing of Web services by first extracting the SOAP message using the WSDL converter and then exchanging messages using the SOAP message binding framework. A disadvantage of this approach, however, is that it only bundles some of the input parameters to obtain the return value for a single message, rather than bundling multiple interdependent functions. If the combined services could be processed on the physical machine at the same time, then the process could be more efficient. Sun et al.[5, 6] have proposed a metamorphic relations-based approach to testing Web services in the context of SOA without the need for oracles. An alternative approach, based on fault injection, was proposed by Wu et al.[3], but the working mode of SOAP documents could not be tested, multiple mistakes could not be injected at the network layer, and the fault injection messages could not be authenticated. An approach based on data communication perturbation, in which the perturbation operators were designed according to characteristics of the SOAP message, was proposed by Almeida and Vergilio[7]. Experiments were conducted using their proposed mutation operators and SMAT-WS[7] tools, but it was found that the designed mutation operators were not sufficient for comprehensive testing. Fuzzy approaches to generating perturbation test cases have also been studied[8, 9], but, to date, an appropriately feasible test case generation algorithm has not yet been presented.

Web service data value perturbation and rule mutation are the focus of this current paper. An approach to test case generation based on data value perturbation was proposed by Offutt and
Jinfu Chen et al.: Worst-Input Mutation Approach to Web Services Vulnerability Testing Based on SOAP Messages 431
Xu[10]; in their approach, request messages were modified by mutation operations that resulted from data value perturbation, Remote Procedure Call (RPC) communication perturbation, and data communication perturbation. However, only a few special values (such as maximum and minimum and valid decimal) were considered in the mutation process. Their data value and communication perturbation approach[10] was modified by Melo and Silveira[11], who also extended the mutations[12] introduced previously[1, 7] by using an invalid test case value in the data value perturbation and by introducing two strategies (all and choice) and four mutation operators for RPC communication in the data communication perturbation. The test coverage for the RPC and document communication was also increased, but the overall mutation testing approach was not completely comprehensive, nor was a test case generation algorithm proposed.

We previously proposed a combinatorial mutation approach for testing the interactive faults of Web services[13]. That approach defines the corresponding combinatorial strategies based on SOAP message mutation and combinatorial testing, allowing multiple mutants to be injected at one time to help uncover interactive faults. However, if the tested Web services have only one service method or one method parameter, then the combinatorial mutation approach cannot offer its full potential advantage. In order to test different kinds of Web services, we now propose a worst-input mutation method based on the farthest neighbor concept, which, as a complementary approach to combinatorial mutation, can also enhance the effectiveness of Web service vulnerability detection.

3 Mutation Operators and Security Rules

The appropriate design of mutation operators is critical for mutation testing based on SOAP messages and, for it to be successful, the object and purpose of the mutation should be explicitly clear. SOAP is a message protocol based on an XML document, which forms the basis of the mutation object. A formal description for the XML modeling of a SOAP message was given by Novak and Zamulin[14]. Offutt and Xu[10] extended the Regular Tree Grammar (RTG) model to $\langle E, N, D, P, A, n_s \rangle$, but no specific parameter type information or classification was provided regarding the general characteristics of the XML document. Based on these models, we have improved and extended the RTG to an eRTG (extended RTG), which is a 6-tuple $\langle E, N, DT, P, A, n_s \rangle$, where $E$ is a finite set of elements; $N$ is a finite set of non-terminals; $DT$ is a finite set of data types defined as {int, string, bool, numerical, char, object}; $P$ is a finite set of production rules; $n_s$ is the starting non-terminal; and $A$ is a 2-tuple $\langle n, \mathit{type} \rangle$ with $n$ as the number of parameters and “type” as the parameter type, which may be one of {rec, cir, cur}, where “rec” is the rectangular input domain, “cir” is the circular input domain, and “cur” is the curved input domain. Given a set of all element instances $N$, a mutation operator is $r = f(n_1, n_2, \ldots, n_i)$, where $f$ is a function, $i > 1$, each $n_1, n_2, \ldots, n_i \in N$ and has an arbitrary data type, and $r$ outputs the mutated $n_1, \ldots, n_i$ with the same data type as the input $n_1, \ldots, n_i$.

Although a set of interference operators has been previously introduced[15, 16], the uncertainty and randomness of an initial object led to data redundancy and low efficiency after mutation. We have therefore designed a total of 15 mutation operators for SOAP parameter types combined with Web service features, as shown in Table 1.

We defined a security rule for testing the vulnerability of Web services based on the proposed mutation operators as follows: the vulnerability of Web services is $\mathrm{VWS} = G(r)$, where $r = f(n_1, n_2, \ldots, n_i)$ is the mutation operator for the tested Web service, $G(r)$ represents the vulnerability that is triggered by $r$, and $n_i \in N$ are the Web service input parameters. When the tested Web services accept the input parameters, if any exceptions are triggered by the mutation operators, then the tested Web service is deemed to have some vulnerability flaws.

It is usual to encapsulate data in a SOAP protocol format, and a SOAP message can be expressed as two parts: input parameters and security control rules. Based on the SOAP message input parameters, a worst-input mutation approach to SOAP message mutation testing is proposed and presented in the following section.

4 Worst-Input Mutation Approach

With regular mutation[7], the mutant can be obtained through a small modification of the legitimate input. Taking the opposite perspective, we identify the farthest neighbor sequence from the legitimate input and use that as the test data to generate test cases according to SOAP message types. Effective
432 Tsinghua Science and Technology, October 2014, 19(5): 429-441
test cases should have the greatest possible test coverage, typical representation for triggering faults, and low redundancy. The farthest neighbor idea is similar to the concept of Adaptive Random Testing (ART)[17-19], which is based on various empirical observations that show that many program faults result in failures manifesting in contiguous areas of the input domain. This suggests that, if previously executed test cases have not revealed a failure, new test cases should be as far from the already executed non-failure test cases as possible. Intuitively speaking, the farthest test cases have a higher probability of detecting Web service security exceptions. Hence, we investigate some farthest neighbor algorithms to detect the security exceptions of Web services based on related ART algorithms and mutation.

Table 1 Mutation operators of Web service vulnerability testing based on SOAP messages.

| ID | Operator | Brief description | Cases/Examples |
|----|----------|-------------------|----------------|
| 01 | SVB | Set the value of n to be blank | Change value n to “ ” |
| 02 | SVN | Set the value of n to be “null” | Change value n to “null” |
| 03 | IPO | Insert parameter operator into the value assigned to node n | Insert absolute value symbol into the value assigned to node n |
| 04 | DNS | Delete node n and its child nodes from the SOAP message | Delete root nodes and child nodes from the SOAP message |
| 05 | FVS | Format the value of string | “%n%n ......(256)”, “%s% s(1024)” etc. |
| 06 | IIV | Integer irregular value | 0, +/-(1, 2^8-1, 2^8, 2^8+1, 2^16, 2^16+1, 2^16-1, 2^32, 2^32+1, 2^32-1, 2^64, 2^64+1) |
| 07 | FIV | Float irregular value | 0, 1, -1, +/-(the max float point +/-1), +/-(the min float point +/-1), 5E-324, 1.7E+308, pi, e |
| 08 | CIV | Char irregular value | ‘A’, ‘Z’, Null, ‘a’, ‘z’, ‘ ’, ‘../ ’, ‘{’, ‘(’, ‘[’, ‘\n’, ‘\0’, ‘\s’, ‘\d’ |
| 09 | EOV | Exchange the order of values assigned to nodes | Exchange the order of the values assigned to n1, n2 |
| 10 | EON | Exchange the order of nodes | Exchange the order of n1, n2 |
| 11 | RSV | Random string value | Escape character string “\e \n \r \d \x \s”, “\xff \xfe \x00 \x01 \x42 \xb5 \nnnn \h9cc...” |
| 12 | LSV | Long string value | Generate String(int n) such as: “AAA......(256)”, “AAA......(1024)”, “AAA......(15000)” |
| 13 | UVF | URL and the value of file directory string | “http://dddddddeeeeerrttttt”, “//sytem32//Notepad.exe”, “H:\ABC\killvirus.exe”, “D:\AA.exeexe” |
| 14 | SSI | SQL string injection | “a or 1=1”, “delete”, “drop table users”, “sql attempt5--” |
| 15 | PFB | Parameter flip bit | Use ReverseBit() to flip the value assigned to node n |

The input domain is partitioned into sub-domains according to the number and type of SOAP message parameters. A corresponding test case generation algorithm is then selected and test cases conforming to the requirements of each sub-domain are randomly generated. The candidate test case whose distance is farthest from all executed test cases is then selected and applied to test the Web service. Here, we propose the TCFN algorithm (Algorithm 1), which is based on the presented eRTG model. The TCFN algorithm consists of six sub-algorithms: BRA (bit reversal); ResStr (string reversal); NFDT (next furthest distance test); CFDT (circle furthest distance test); a weighted Ming distance[20]; and a multi-dimensional variation inverse probability distribution. BRA or ResStr are used when the SOAP message has only one parameter; NFDT or CFDT are used when there are two; and the weighted Ming distance or inverse probability distribution algorithms are used when there are more than two. As can be seen in the TCFN flow chart (Fig. 1), the SOAP message is obtained by parsing the WSDL file of the Web services being tested. Using an XML analysis technique, the number and type of SOAP message parameters are extracted and are the basis on which different algorithms are then called to generate test cases.

The input region is divided into sub-regions based on the number and type of message parameters; then, the appropriate algorithm is selected to generate test cases for testing the Web service. The main sub-algorithms of the TCFN algorithm are as follows.

(1) BRA algorithm
When the input parameter data type is Integer (int), the BRA algorithm and related mutation operators are used to generate the farthest test cases. The BRA algorithm flips all bits (from 0 to 1, and 1 to 0).

(2) ResStr algorithm
The ResStr algorithm calculates the length of the string, reverses it, and uses the Char Irregular Value (CIV) mutation operator to increase or decrease the length of the reversed string. The Web service’s SOAP message can be
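The BRA and ResStr sub-algorithms and the farthest-candidate selection step described above, as an added example that is not code from the paper or from WSVTS. The 32-bit width, the padding character, the max-min Euclidean distance criterion, the rectangular bounds and all function names are assumptions; the paper's own NFDT and CFDT details are not on this page.

```python
import math
import random

CIV_PAD = "\0"  # assumption: pad with one of the Char Irregular Values from Table 1


def bra(value, bits=32):
    """BRA: flip every bit of an integer parameter (two's complement, `bits` wide)."""
    mask = (1 << bits) - 1
    flipped = (value & mask) ^ mask
    # Reinterpret the flipped pattern as signed so it is still a value of the int type.
    return flipped - (1 << bits) if flipped >> (bits - 1) else flipped


def res_str(value, delta):
    """ResStr: reverse the string, then grow (delta > 0) or shrink (delta < 0) it."""
    reversed_value = value[::-1]
    if delta >= 0:
        return reversed_value + CIV_PAD * delta
    return reversed_value[: max(0, len(reversed_value) + delta)]


def min_distance(point, executed):
    """Distance from a candidate to its nearest already-executed test case."""
    return min(math.dist(point, done) for done in executed)


def farthest_candidate(executed, candidates):
    """Pick the candidate that is farthest from all executed test cases.

    Assumption: 'farthest from all' is read as the max-min criterion used by
    adaptive random testing (maximise the distance to the nearest executed case).
    """
    return max(candidates, key=lambda c: min_distance(c, executed))


def two_param_suite(seed_case, bounds, n_tests, k=10, rng=None):
    """Generate n_tests cases for a two-parameter message in a rectangular domain.

    seed_case is the legitimate input; each round draws k random candidates
    inside `bounds` and keeps the one farthest from everything executed so far.
    """
    rng = rng or random.Random(0)  # fixed seed keeps the example reproducible
    executed = [tuple(seed_case)]
    for _ in range(n_tests):
        candidates = [tuple(rng.uniform(lo, hi) for lo, hi in bounds)
                      for _ in range(k)]
        executed.append(farthest_candidate(executed, candidates))
    return executed[1:]


if __name__ == "__main__":
    print("BRA(5)        ->", bra(5))
    print("ResStr(admin) ->", repr(res_str("admin", 3)))
    for case in two_param_suite((50, 50), [(0, 100), (0, 100)], n_tests=5):
        print("next test     -> (%.1f, %.1f)" % case)
```

Each round costs k distance scans over the executed set, so generating n test cases this way is quadratic in n, in line with the O(n^2) order the paper gives for NFDT.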
selected. The runtime of the NFDT algorithm when generating n test cases is in the order of $O(n^2)$. The main time cost of the CFDT algorithm is the large number of distance calculations that are performed when new test cases are selected. The runtime of the CFDT algorithm when generating n test cases is in the order of $O(n^2 \log n)$. The time complexity of both the weighted Ming distance algorithm and the inverse probability distribution algorithm is $O(n^2)$. The total time complexity of the TCFN algorithm is therefore $O(n) + O(n) + O(n^2) + O(n^2) + O(n^2) + O(n^2 \log n) = O(n^2 \log n)$.

5 Experiment and Analysis

5.1 Experimental implementation

To investigate and evaluate the proposed TCFN algorithm, a Web Service Vulnerability Testing System (WSVTS) was implemented. The WSVTS framework is shown in Fig. 2; it obtains interface information by parsing the Uniform Resource Locator (URL) of the Web service and gets the SOAP message by parsing the WSDL document.

The WSVTS was implemented in Visual C# on the Microsoft .NET platform and contains four main function modules: (a) the SOAP message generator; (b) the SOAP message mutation generator; (c) the test case generator; and (d) the Web service vulnerability analyzer. The details of these major modules are presented below.

(a) SOAP message generator
The input to the SOAP message generator is a WSDL file of the Web service being tested and consists of the response message data type, the transmission protocol, and the Web service address information. The output is a Web service SOAP message.

(b) SOAP message mutation generator
Based on mutation operators designed for different fault types, the mutation module mutates the SOAP message parameter type and value. The parameter type and number are obtained from the SOAP message generator and the test cases are obtained from the test case generator.

(c) Test case generator
The test case generator provides a convenient interface for the tester to input test cases and can also use different algorithms based on the SOAP message parameter number, as analyzed by the SOAP message generator.

(d) Vulnerability analyzer
The vulnerability analyzer generates a vulnerability report after testing Web services. It analyzes Web service vulnerability based on security specifications and reports on the number of security exceptions and faults found.

As can be seen in the WSVTS flow chart (Fig. 3), the SOAP message is obtained by parsing the WSDL file of the Web services being tested. Then, using an XML analysis technique, the number and type of SOAP message parameters are extracted; based on this information, the appropriate TCFN algorithm is called to generate test cases. Web services are tested based on the testing controller and client driver, using the generated test cases. Finally, the vulnerability testing report is obtained based on observations of the response messages received from the client of the Web services being tested.

In the experiments, some specifically written
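What a SOAP message mutation generator of the kind described in module (b) does with seven of the Table 1 operators (SVB, SVN, DNS, EOV, EON, LSV, IIV), as an added example that is not code from WSVTS. The Divide operation, its namespace and the request are constructed, and the function names are assumptions.

```python
import copy
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://example.org/calc"   # constructed service namespace
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("c", SVC_NS)

# Constructed request for a hypothetical Divide(a, b) operation.
REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:c="{SVC_NS}">
  <soap:Body>
    <c:Divide><c:a>84</c:a><c:b>2</c:b></c:Divide>
  </soap:Body>
</soap:Envelope>"""

# IIV row of Table 1: 0 and +/-(1, 2^k - 1, 2^k, 2^k + 1) for k = 8, 16, 32, 64.
IIV_VALUES = [0, 1, -1] + [sign * (2 ** k + d) for k in (8, 16, 32, 64)
                           for d in (-1, 0, 1) for sign in (1, -1)]
LSV_LENGTHS = (256, 1024, 15000)     # LSV row of Table 1


def _operation(root):
    """The operation element is the first child of soap:Body."""
    return root.find(f"{{{SOAP_NS}}}Body")[0]


def _param(op, name):
    return op.find(f"{{{SVC_NS}}}{name}")


def mutate(request_xml, target, other):
    """Return {label: mutated request} for parameter `target` (and `other` for swaps)."""
    base = ET.fromstring(request_xml)
    mutants = {}

    def emit(label, edit):
        root = copy.deepcopy(base)   # every mutant starts from the clean request
        edit(_operation(root))
        mutants[label] = ET.tostring(root, encoding="unicode")

    def set_value(value):
        def edit(op):
            _param(op, target).text = value
        return edit

    def swap_values(op):             # EOV: exchange the values of n1 and n2
        a, b = _param(op, target), _param(op, other)
        a.text, b.text = b.text, a.text

    def swap_nodes(op):              # EON: exchange the order of n1 and n2
        children = list(op)
        i = children.index(_param(op, target))
        j = children.index(_param(op, other))
        op[i], op[j] = children[j], children[i]

    emit("SVB", set_value(" "))
    emit("SVN", set_value("null"))
    emit("DNS", lambda op: op.remove(_param(op, target)))
    emit("EOV", swap_values)
    emit("EON", swap_nodes)
    for n in LSV_LENGTHS:
        emit(f"LSV-{n}", set_value("A" * n))
    for v in IIV_VALUES:
        emit(f"IIV:{v}", set_value(str(v)))
    return mutants


def param_value(request_xml, name):
    """Text of a parameter node, or None when the node was deleted."""
    node = _param(_operation(ET.fromstring(request_xml)), name)
    return None if node is None else node.text


def param_order(request_xml):
    """Local names of the parameter nodes in document order."""
    return [child.tag.split("}")[1]
            for child in _operation(ET.fromstring(request_xml))]


if __name__ == "__main__":
    for label, xml_text in mutate(REQUEST, "b", "a").items():
        print(label, "->", param_order(xml_text), repr(param_value(xml_text, "b"))[:40])
```

Mutating parameter `b` with `IIV:0` yields the divide-by-zero case the paper lists among arithmetic security faults; the tester then checks the service's response for an unhandled exception.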
Table 3 Test results of the SOAPUI tool.

| Mutation operators | Number of test cases generated | Faults found |
|--------------------|--------------------------------|--------------|
| DNS | 42 | 8 |
| SVN | 124 | 19 |
| EON | 113 | 11 |
| EOV | 97 | 9 |
| SVB | 130 | 38 |
| SSI | 40 | 2 |
| LSV | 211 | 28 |
| IIV | 151 | 45 |
| FVS | 115 | 42 |
| CIV | 197 | 36 |
| RSV | 98 | 31 |
| FIV | 102 | 28 |
| UVF | 41 | 7 |
| PFB | 118 | 30 |
| Total | 1579 | 334 |

Fig. 5 Comparison of the WSVTS and SOAPUI efficiencies.

number of faults found by the WSVTS approach is higher than that found by the SOAPUI tool (exceptions being the EON, FVS, RSV, and PFB operators). The UVF operator appears particularly efficient. The faults that were found consist of some common vulnerability faults, such as memory leak, buffer overflow, cross-boundary access, and arithmetic security faults, including dividing by zero and out-of-range operand values. Thus, the designed operators and our approach are confirmed to be very effective.

5.2.2 Comparison of SMAT-WS, WSVTS, and SOAPUI

Research on SOAP message mutation testing is still uncommon. The experimental results of SOAP message perturbation reported by Almeida and Vergilio[7] are reproduced here in Table 5. Their proposed mutation
parameters and mutation operators. The effectiveness of the proposed approach has been shown to be higher than that of other available approaches. The efficiency of the proposed mutation operators is higher than other approaches, such as SMAT-WS. In addition, the approach can detect more vulnerability faults than other approaches with the same test cases.

In the future, we would like to continue research in the following areas. First, we will do more experiments to verify the reliability of the proposed approaches. Second, we will research how to further reduce redundant test cases after mutating. Third, the automatic process of test case generation and mutation needs to be further improved to enhance testing efficiency.

Acknowledgements

This work was partly supported by the National Natural Science Foundation of China (Nos. 61202110 and 61063013) and the Natural Science Foundation of Jiangsu Province (No. BK2012284).

References

[1] S. Hanna and M. Munro, An approach for wsdl-based automated robustness testing of web services, presented at the 16th International Conference on Information Systems Development, Nanchang, China, 2009, pp. 1093-1104.
[2] T. Takase and K. Tajima, Efficient web service message exchange by SOAP bounding framework, in the 11th IEEE International Enterprise Distributed Object Computing, Annapolis, MD, USA, 2007, pp. 63-72.
[3] L. Wu, X. K. Li, and H. Wang, Research on the reliability testing of web service based on fault injection technology, Journal of Chinese Computer System, vol. 28, no. 1, pp. 127-131, 2007.
[4] M. Palacios, J. Garcia-Fanjul, and J. Tuya, Testing in service oriented architectures with dynamic binding: A mapping study, Information and Software Technology, vol. 53, no. 3, pp. 171-189, 2011.
[5] C. A. Sun, G. Wang, B. H. Mu, H. Liu, Z. S. Wang, and T. Y. Chen, A metamorphic relation-based approach to testing web services without oracles, International Journal of Web Services Research, vol. 9, no. 1, pp. 51-73, 2012.
[6] C. A. Sun, G. Wang, B. H. Mu, H. Liu, Z. S. Wang, and T. Y. Chen, Metamorphic testing for web services: Framework and a case study, presented at the IEEE International Conference on Web Services, Washington DC, USA, 2011, pp. 283-290.
[7] L. F. de Almeida and S. R. Vergilio, Exploring perturbation based testing for web services, presented at the IEEE International Conference on Web Services, Chicago, USA, 2006, pp. 717-726.
[8] H. C. Kim, Y. H. Choi, and D. H. Lee, Efficient file fuzz testing using automated analysis of binary file format, Journal of Systems Architecture, vol. 57, no. 3, pp. 259-268, 2011.
[9] S. Bekrar, C. Bekrar, R. Groz, and L. Mounier, Finding software vulnerabilities by smart fuzzing, in Proceedings of the Fourth IEEE International Conference on Software Testing, Verification and Validation, Berlin, Germany, 2011, pp. 427-430.
[10] J. Offutt and W. Xu, Generating test cases for web services using data perturbation, ACM SIGSOFT Software Engineering Notes, vol. 29, no. 5, pp. 1-10, 2004.
[11] A. C. V. de Melo and P. Silveira, Improving data perturbation testing techniques for web services, Information Science, vol. 181, no. 3, pp. 600-619, 2011.
[12] P. Silveira and A. C. V. de Melo, Exploring XML perturbation techniques for web services testing, Lecture Notes in Computer Science, vol. 5648, pp. 355-369, 2009.
[13] J. F. Chen, Q. Li, C. Y. Mao, D. Towey, Y. Z. Zhan, and H. H. Wang, A web services vulnerability testing approach based on combinatorial mutation and SOAP message mutation, Service Oriented Computing and Applications, vol. 8, no. 1, pp. 1-13, 2014.
[14] L. Novak and A. Zamulin, A formal model for XML schema, in Proceedings of the 21st International Conference on Data Engineering Workshops, Tokyo, Japan, pp. 1283-1293, 2005.
[15] W. Xu, J. Offutt, and J. Luo, Testing web services by XML perturbation, in Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering, Chicago, USA, pp. 257-266, 2005.
[16] J. F. Chen, Y. S. Lu, and X. D. Xie, Component security testing approach by using interface fault injection, Journal of Chinese Computer System, vol. 31, no. 6, pp. 1090-1096, 2010.
[17] S. Anand, E. K. Burke, T. Y. Chen, J. Clark, M. B. Cohen, W. Grieskamp, M. Harman, M. J. Harrold, and P. McMinn, An orchestrated survey of methodologies for automated software test case generation, Journal of Systems and Software, vol. 86, no. 8, pp. 1978-2001, 2013.
[18] T. Y. Chen, F. C. Kuo, H. Liu, and W. E. Wong, Code coverage of adaptive random testing, IEEE Transactions on Reliability, vol. 62, no. 1, pp. 226-237, 2013.
[19] A. Shahbazi, A. Tappenden, and J. Miller, Centroidal voronoi tessellations - a new approach to random testing, IEEE Transactions on Software Engineering, vol. 39, no. 2, pp. 163-183, 2013.
[20] C. Bohm, S. Berchtold, and D. A. Keim, Searching in high dimensional spaces: Index structures for improving the performance of multimedia databases, ACM Computing Surveys, vol. 33, no. 3, pp. 322-373, 2001.
[21] T. Y. Chen, F. C. Kuo, R. G. Merkel, and T. H. Tse, Adaptive random testing: The ART of test case diversity, Journal of Systems and Software, vol. 83, no. 1, pp. 60-66, 2010.
[22] M. H. Alsuwaiyel, Algorithms: Design Techniques and Analysis. World Scientific Pub Co Inc, November 1998.
[23] K. P. Chan, T. Y. Chen, and D. Towey, Adaptive random testing with filtering: An overhead reduction technique, presented at the 17th International Conference on Software Engineering and Knowledge Engineering, Taipei, China, pp. 292-299, 2005.
[24] K. P. Chan, T. Y. Chen, and D. Towey, Restricted random testing: Adaptive random testing by exclusion, International Journal of Software Engineering and Knowledge Engineering, vol. 16, no. 4, pp. 553-584, 2006.
[25] T. Y. Chen, F. C. Kuo, and C. A. Sun, Impact of the compactness of failure regions on the performance of adaptive random testing, Journal of Software, vol. 17, no. 12, pp. 2438-2449, 2006.
[26] I. N. Bronshtein, K. A. Semendyayev, G. Musiol, and H. Mühlig, Handbook of Mathematics. Springer, 2007.
[27] B. H. Li and Z. X. Hao, Efficient filtration and query algorithm of reverse furthest neighbor, Journal of Chinese Computer Systems, vol. 30, no. 10, pp. 1948-1951, 2009.
[28] J. M. Voas and K. W. Miller, Predicting software’s minimum-time-to-hazard and mean-time-to-hazard for rare input events, presented at the 6th International Symposium on Software Reliability Engineering, Toulouse, France, 1995, pp. 229-238.
[29] SoapUI, SmartBear software, http://www.soapui.org, 2012.
Jinfu Chen received the BEng degree from Nanchang Hangkong University, China, in 2004, and PhD degree from Huazhong University of Science and Technology, China, in 2009, both in computer science. He is currently an associate professor in the School of Computer Science and Communication Engineering of Jiangsu University. His major research interests include software engineering, services computing, and information security. He is a member of the ACM, IEEE CS, and China Computer Federation.

Huanhuan Wang is a software testing engineer with ZTE Corporation. She received her BEng degree from Qufu Normal University, China, in 2009, and MS degree from Jiangsu University, China, in 2012, both in computer science. Her research interests include software testing and service computing.

Dave Towey is an assistant professor at the School of Computer Science, The University Nottingham Ningbo China, prior to which he was with Beijing Normal University–Hong Kong Baptist University: United International College, China. He received his BA and MA degrees from the University of Dublin, Trinity College in 1997 and 2000, respectively, and a PhD degree in computer science from The University of Hong Kong in 2006. His research interests include software testing, software design, and technology in education. He is a member of both the IEEE and the ACM.

Chengying Mao received the BS degree from Central South University, China, in 2001, and the PhD degree in computer software and theory from Huazhong University of Science and Technology, China, in 2006. He worked as a post-doc in the College of Management of Huazhong University of Science and Technology from July 2006 to September 2008. He is an associate professor of the School of Software and Communication Engineering in Jiangxi University of Finance and Economics, China. His current research interests include service computing and software engineering. He is a member of the ACM, IEEE, and IEEE CS.

Rubing Huang is an assistant professor in the Department of Software Engineering, School of Computer Science and Communication Engineering, Jiangsu University, China. He received his PhD degree in computer science and technology from Huazhong University of Science and Technology, China, in 2013. His current research interests include software testing and software maintenance, especially combinatorial interaction testing, random testing, adaptive random testing, and test case prioritization. He is a member of the IEEE, the ACM, the IEICE, and the IEEE Communications Society.

Yongzhao Zhan is a professor at the School of Computer Science and Communication Engineering, Jiangsu University. He received his PhD degree from Nanjing University in 2000. He does research on distributed systems, image, and video retrieval. He is a member of the ACM, IEEE, and IEEE CS.