• Corpus ID: 16803955

Model-based Approach to Security Test Automation

  title={Model-based Approach to Security Test Automation},
  author={Mark R. Blackburn and Robert Busser and Aaron Nauman and Ramaswamy Chandramouli},
Security functional testing is a costly activity typically performed by security evaluation laboratories. These laboratories have struggled to keep pace with increasing demand to test numerous product variations. This paper summarizes the results of applying a model-based approach to automate functional security testing. The approach involves developing models of security requirements as the basis for automatic test vector and test driver generation. In the application, security properties were… 

Figures and Tables from this paper

Model-Based Security Testing
This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.
A Security Assurance Framework Combining Formal Verification and Security Functional Testing
A framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure and comparison results of mutation test explore the efficiency of this test approach.
Interface-driven Model-based Test Generation of Java Test Drivers
This paper extends prior work in model-based verification and describes interface-driven analysis that combines textual requirement modeling to support automated test generation of Java test scripts
Interface-Driven Model-Based Generation of Java Test Drivers
This paper describes interface-driven analysis that combines with a requirement model to support automated generation of Java test scripts to support security functionality of an Oracle database using Java and Structured Query Language(SQL) test drivers.
Towards Model-Based Automatic Testing of Attack Scenarios
An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios, and are applicable in general to the systems, where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines.
Automated Security Test Generation with Formal Threat Models
This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transition nets, which generates all attack paths from a threat model and converts them into executable test code according to the given Model-Implementation Mapping (MIM) specification.
Defect Identification With Model-Based Test Automation
A Test Automation Framework (TAF) combining tools and methods to automate comprehensive test generation based on models is discussed, which leads to dramatic performance and quality gains relative to manual test generation.
CORAL: A Model-Based Approach to Risk-Driven Security Testing
This thesis proposes a model-based approach to risk-driven security testing, named CORAL, which is specifically developed to help security testers select and design test cases based on the available risk picture, and results indicate that CORAL supports security testers in producing risk models that are valid and directly testable.
Specifying Security Aspects in UML Models
A technique to specify UML security stereotypes is presented, aiming to guide developers by annotating vulnerable model parts and to allow the automatic security test case generation.


Using models for test generation and analysis
  • M. Blackburn
  • Computer Science
    17th DASC. AIAA/IEEE/SAE. Digital Avionics Systems Conference. Proceedings (Cat. No.98CH36267)
  • 1998
The results summarized in this paper provide promising evidence that the use of test automation to support the manually intensive test generation and model-based analysis is feasible and practical.
T-VEC: a tool for developing critical systems
  • M. BlackburnR. Busser
  • Computer Science
    Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96
  • 1996
The paper describes the specification model, method, development environment, and tool qualification approach, and the capabilities of the automatic test generator are compared with foundational concepts and related testing strategies and mechanisms.
Automated consistency checking of requirements specifications
This article describes a formal analysis technique, called consistency checking, for automatic detection of errors, such as type errors, nondeterminism, missing cases, and circular definitions, in requirements specifications expressed in the SCR (Software Cost Reduction) tabular notation.
Automatic generation of test vectors for SCR-style specifications
This paper provides the basis for integrating the Software Cost Reduction (SCR) specification method with the T-VEC (Test VECtor) test vector generator and specification analysis system. The SCR
A Domain Strategy for Computer Program Testing
This paper presents a testing strategy desiged to detect errors in the control flow of a computer program, and the conditions under which this strategy is reliable are given and characterized. The
Industrial Application of Model-Based Testing
  • 16th International Conference and Exposition on Testing Computer Software
  • 1999
16th International Conference and Exposition on Testing Computer Software
  • June 14-18,
  • 1999
In Proceeding of the 12th Annual Conference on Computer Assurance
  • Gaithersburg, Maryland, pages 54-67, June,
  • 1997
  • 5(3):231-261,
  • 1996
Test Automation Framework, State-based and Signal Flow Examples
  • Twelfth Annual Software Technology Conference
  • 2000