The test process consists of several stages. The results of the first stage,
planning, are described in this document. On the basis of this document the
actual test cases will be designed. Afterwards the tests will be implemented
and executed. The results of these tests will then be evaluated against the
exit criteria found in Section~\ref{sec:exitcriteria}; depending on the
outcome of these evaluations further tests might be deemed necessary.

\subsection{Quality Characteristics}
The quality characteristics that are to be tested are described using
ISO/IEC 25010 \cite{iso25010} as a guideline. In the following sections we
discuss the relevant \textit{product quality} and \textit{quality in use}
characteristics.

\subsubsection{Product quality}
Product quality is divided into eight main categories, each of which is
divided into several subcategories. Below we discuss the qualities that are
relevant to the SUT.
\begin{itemize}
\item \textbf{Functional suitability}\\
    As described in Section~\ref{sec:risks}, the SUT is core functionality
    of the networking-capable system. Because many other programs running
    on the system may rely on it, it is very important that the SUT is
    functionally suitable. Therefore all three subcharacteristics of
    functional suitability (\textit{functional completeness, functional
    correctness, functional appropriateness}) are of vital importance. As
    was previously mentioned in Section~\ref{sec:risks}, extra emphasis
    should be placed on testing \emph{functional correctness}, as recovery
    from failures in computer-to-computer systems is problematic.
\item \textbf{Performance efficiency} \label{sec:perf_eff}\\
    As the SUT runs as a service on a system alongside other programs, it
    must have efficient \emph{resource utilisation}. It cannot contain any
    memory leaks or use other resources more than necessary.
\item \textbf{Compatibility}\\
    \emph{Interoperability} is the key feature of the SUT, as its purpose
    is to communicate with other systems implementing the TCP protocol.
    Therefore it is of vital importance that the SUT implements the TCP
    protocol correctly. Furthermore, it is very important that the SUT can
    \emph{co-exist} with other programs on the system it runs on, since it
    is used as a service by those programs. This means that the SUT has to
    handle preemption as well as multiple programs requesting its services
    at once.
\item \textbf{Reliability}\\
    As stated before, the SUT is used as a core service; this means it has
    to be very \emph{mature}. It needs to behave as expected under normal
    working conditions. As it can be called upon continually, the SUT needs
    constant \emph{availability}. As the SUT relies on a potentially
    unreliable channel to send and receive data, it needs to be
    \emph{fault tolerant}. The SUT needs to properly handle errors in
    received data or complete unavailability of the underlying channel
    (see the sketch after this list).
\end{itemize}
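
To make the fault-tolerance requirement concrete: a test along the following
lines could check that the SUT does not acknowledge a segment whose checksum
is invalid. This is a minimal sketch in Python using the scapy
packet-crafting library; scapy is not part of the toolchain described in
Section~\ref{section:testenv}, and the address, ports and sequence numbers
are hypothetical.

\begin{lstlisting}[language=Python,label={listing:faulttolerance},caption={Sketch of a fault-tolerance check (hypothetical parameters)}]
# Sketch: send a data segment with a deliberately invalid checksum
# and check that the SUT does not acknowledge it. Assumes an already
# established connection; all parameters are hypothetical.
from scapy.all import IP, TCP, Raw, sr1

SUT_IP = "192.168.56.101"  # hypothetical guest address

def corrupted_segment_is_ignored(sport, dport, seq, ack):
    seg = (IP(dst=SUT_IP) /
           TCP(sport=sport, dport=dport, flags="PA", seq=seq, ack=ack) /
           Raw(b"test payload"))
    seg[TCP].chksum = 0xFFFF  # deliberately wrong; scapy keeps it as-is
    reply = sr1(seg, timeout=2, verbose=False)
    # A mature implementation drops the segment: either no reply at
    # all, or an ACK that does not move past the corrupted payload.
    return (reply is None or not reply.haslayer(TCP)
            or reply[TCP].ack <= seq)
\end{lstlisting}
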
This leaves four categories that are not relevant to the SUT. Below we
briefly discuss, per category, why they are not relevant.
\emph{Maintainability} is an important aspect of any software system, but
for the SUT it is not a core aspect: it is first and foremost important
that the implementation is correct, and furthermore TCP does not change
often. \emph{Usability} is not a core aspect either, as the SUT is not used
directly by humans but is a service that is addressed when another program
needs it. \emph{Portability} is not relevant either, as the SUT is
installed on a system once and intended to work on that system.
\emph{Security} is not a feature of the SUT either; systems using the SUT
can add their own security mechanisms on top of it.

\subsubsection{Quality in use}
Quality in use is divided into five subcategories. Below we discuss the
categories that are relevant to the SUT.
\begin{itemize}
\item \textbf{Effectiveness}\\
    This is the core aspect of the SUT: users (other programs) need to be
    able to effectively use the SUT to send and receive data.
\item \textbf{Efficiency}\\
    This issue has already been covered above under \emph{performance
    efficiency} (Section~\ref{sec:perf_eff}).
\item \textbf{Satisfaction}\\
    It is important that programs using the SUT can \emph{trust} that the
    SUT provides the promised services. This means that data is sent and
    received reliably and that the SUT provides clear and unambiguous
    errors when this service cannot be provided.
\item \textbf{Context coverage}\\
    The SUT needs to behave as expected in all specified contexts
    (\emph{context completeness}).
\end{itemize}
This leaves \emph{freedom from risk}, which we do not consider relevant, as
the SUT itself does not pose any risks, and a correct implementation (which
is covered by the other categories) gives clear guarantees to programs
using the services of the SUT.

\subsection{Levels and types of testing} \label{levels}
The client will deliver a product for certification. This means our team
will only conduct acceptance testing and assume that the client who
requested certification has conducted unit, module and integration testing.
We will only be conducting black-box testing and the client is not required
to hand over any source code. Initially we will conduct several basic test
cases based on experience acquired from previous certification requests
(error guessing). If the product fails these basic tests we reject it and
cease all further activities. If the product is not rejected we will
proceed with more thorough testing. For each test we produce a test report.
If any of the test cases fail the product is still rejected, but in order
to deliver usable feedback to the client we will still produce a test
report. For each test case a performance analysis will be included.

\subsubsection{Test generation}
The basic tests mentioned in Section~\ref{levels} are conducted using a
checklist. If any of the checks fail we immediately reject the product. A
sketch of check~4 is given after the list.

\begin{enumerate}
    \item Is the product complete?
    \item Does the product come with a manual or quick start guide?
    \item Is it possible to get the product into a usable state?
    \item Can we use the product to initiate a connection in a
        corruption-free environment?
    \item \ldots
\end{enumerate}
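
The following minimal sketch shows how check~4 could be automated as a
three-way-handshake test. It is written in Python with the scapy library,
which is used here for illustration only; the address and ports are
hypothetical.

\begin{lstlisting}[language=Python,label={listing:handshake},caption={Sketch of the basic connection check (hypothetical parameters)}]
# Sketch: verify that the SUT completes a TCP three-way handshake in
# a corruption-free environment. Address and ports are hypothetical.
from scapy.all import IP, TCP, sr1, send

SUT_IP = "192.168.56.101"  # hypothetical guest address
SUT_PORT = 7               # hypothetical service port

def handshake_succeeds():
    syn = IP(dst=SUT_IP) / TCP(sport=40000, dport=SUT_PORT,
                               flags="S", seq=100)
    synack = sr1(syn, timeout=2, verbose=False)
    if synack is None or not synack.haslayer(TCP):
        return False
    # Expect SYN+ACK (flag bits 0x12) acknowledging seq + 1.
    if synack[TCP].flags & 0x12 != 0x12 or synack[TCP].ack != 101:
        return False
    send(IP(dst=SUT_IP) / TCP(sport=40000, dport=SUT_PORT, flags="A",
                              seq=101, ack=synack[TCP].seq + 1),
         verbose=False)
    return True
\end{lstlisting}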

For the remaining tests we first use equivalence partitioning to reduce the
overall number of test cases.

\begin{enumerate}
    \item Valid requests:
    \begin{enumerate}
        \item Single request.
        \item Multiple requests.
    \end{enumerate}
    \item Invalid requests:
    \begin{enumerate}
        \item Single request.
        \item Multiple requests.
    \end{enumerate}
\end{enumerate}

For these requests we can introduce more cases using equivalence
partitioning for the different packets that are sent during one request.

\begin{enumerate}
    \item Packets received in order.
    \item Packets received out of order.
\end{enumerate}

For each individual packet we can specify the following equivalence
classes.

\begin{enumerate}
    \item Valid packet.
    \item Corrupted packet.
    \item Missing packet.
\end{enumerate}

We will test all possible combinations of request type, packet order and
packet content. For each combination we will use boundary value analysis to
reduce the total number of test cases. Boundary values are constructed
using the following parameters (a sketch of the resulting test-case
enumeration follows the list):

\begin{enumerate}
    \item Checksum: valid/invalid
    \item Header: valid/invalid
    \item Payload: valid/invalid
    \item \ldots
\end{enumerate}
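
As an illustration of how these combinations could be enumerated, the
following Python sketch takes the Cartesian product of the equivalence
classes above and varies one boundary parameter at a time; the class and
parameter names are illustrative and not taken from the final test suite.

\begin{lstlisting}[language=Python,label={listing:generation},caption={Sketch of test-case enumeration (illustrative class names)}]
# Sketch: enumerate candidate test cases as the Cartesian product of
# the equivalence classes, then vary one boundary parameter at a time.
from itertools import product

REQUESTS = ["single valid", "multiple valid",
            "single invalid", "multiple invalid"]
ORDERINGS = ["in order", "out of order"]
PACKETS = ["valid", "corrupted", "missing"]
BOUNDARY_PARAMS = {"checksum": ["valid", "invalid"],
                   "header":   ["valid", "invalid"],
                   "payload":  ["valid", "invalid"]}

def generate_cases():
    for request, order, packet in product(REQUESTS, ORDERINGS, PACKETS):
        for param, values in BOUNDARY_PARAMS.items():
            for value in values:
                yield {"request": request, "order": order,
                       "packet": packet, param: value}

print(sum(1 for _ in generate_cases()))  # number of candidate cases
\end{lstlisting}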

\subsubsection{Test environment and automation}
\label{section:testenv}
To observe the SUT's error behaviour, custom iptables output policies have
to be set (Listing~\ref{listing:iptables}). This is needed because the
kernel by default closes all connections from unknown sources, and the
manually created TCP packets used in testing the implementation come from a
source unknown to the kernel.

\begin{lstlisting}[label={listing:iptables},caption={iptables settings}]
Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT tcp  --  anywhere anywhere    tcp flags:PSH/PSH
DROP   tcp  --  anywhere anywhere    tcp flags:RST/RST
\end{lstlisting}
All the tools we are going to use together with the SUT give us the
following collection of software.

\begin{enumerate}
    \item Windows, used as a host OS.
    \item Linux, used as both a host and guest OS.
    \item VirtualBox\footnote{\url{https://www.virtualbox.org/}}, used to
        run the guest OS containing the SUT.
    \item Wireshark\footnote{\url{https://www.wireshark.org/}}, used on the
        guest in order to capture and analyze network traffic.
    \item Tcpdump\footnote{\url{http://www.tcpdump.org/}}, used to prepare
        network packets.
\end{enumerate}

All tests will be conducted in a virtual environment. We will use
VirtualBox to run a Linux distribution with the product installed. All the
tests are performed from within the VirtualBox environment. When testing
network transmissions we will only analyze the packets sent to and received
from the guest OS. The host system is disconnected from the Internet and
any other network in order to prevent unnecessary traffic.

For each test case (except for the basic tests) a file containing
previously captured network traffic will be replayed using Wireshark. We
will use tcpdump to update the prepared packets with the MAC address of the
guest network adapter. The response packets coming from the guest OS will
be recorded and analyzed at a later stage. The valid packets are obtained
by capturing traffic between known working alternatives to the SUT. Invalid
packets are generated from this valid traffic using tcpdump. The boundary
values for the different parameters (fields in packets) are determined by
hand. Automated scripts will be written to generate packets with some
fields replaced by these boundary values. The performance analysis will
consist of the measured latencies for all packets sent; a sketch of this
analysis is given below.
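
The following sketch of the latency analysis assumes the recorded traffic
is available as a pcap file readable with the scapy library; the file name
and the guest address are hypothetical.

\begin{lstlisting}[language=Python,label={listing:latency},caption={Sketch of the per-packet latency analysis (hypothetical parameters)}]
# Sketch: pair each packet sent to the SUT with the first later reply
# from the SUT on the same ports, and report the time difference.
from scapy.all import rdpcap, IP, TCP

SUT_IP = "192.168.56.101"  # hypothetical guest address

def latencies(pcap_file):
    pkts = [p for p in rdpcap(pcap_file)
            if p.haslayer(IP) and p.haslayer(TCP)]
    deltas = []
    for i, sent in enumerate(pkts):
        if sent[IP].dst != SUT_IP:
            continue
        for reply in pkts[i + 1:]:
            if (reply[IP].src == SUT_IP and
                    reply[TCP].sport == sent[TCP].dport and
                    reply[TCP].dport == sent[TCP].sport):
                deltas.append(float(reply.time - sent.time))
                break
    return deltas

for delta in latencies("testcase.pcap"):  # hypothetical capture file
    print("%.3f ms" % (delta * 1000))
\end{lstlisting}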