Model-based Approach to Security Test Automation
@inproceedings{Blackburn2001ModelbasedAT, title={Model-based Approach to Security Test Automation}, author={Mark R. Blackburn and Robert Busser and Aaron Nauman and Ramaswamy Chandramouli}, year={2001} }
Security functional testing is a costly activity typically performed by security evaluation laboratories. These laboratories have struggled to keep pace with increasing demand to test numerous product variations. This paper summarizes the results of applying a model-based approach to automate functional security testing. The approach involves developing models of security requirements as the basis for automatic test vector and test driver generation. In the application, security properties were…
42 Citations
Model-Based Security Testing
- Computer Science, MBT
- 2012
This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.
A Security Assurance Framework Combining Formal Verification and Security Functional Testing
- Computer Science, 2012 12th International Conference on Quality Software
- 2012
A framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure, and comparison results of mutation tests explore the efficiency of this test approach.
Interface-driven Model-based Test Generation of Java Test Drivers
- Computer Science
- 2002
This paper extends prior work in model-based verification and describes interface-driven analysis that combines textual requirement modeling to support automated test generation of Java test scripts…
Interface-Driven Model-Based Generation of Java Test Drivers
- Computer Science
- 2002
This paper describes interface-driven analysis that combines with a requirement model to support automated generation of Java test scripts to support security functionality of an Oracle database using Java and Structured Query Language (SQL) test drivers.
Towards Model-Based Automatic Testing of Attack Scenarios
- Computer Science, SAFECOMP
- 2009
An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios, and is applicable in general to systems where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines.
Automated Security Test Generation with Formal Threat Models
- Computer Science, IEEE Transactions on Dependable and Secure Computing
- 2012
This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transition nets, which generates all attack paths from a threat model and converts them into executable test code according to the given Model-Implementation Mapping (MIM) specification.
Security Attack Testing (SAT) - testing the security of information systems at design time
- Computer Science, Inf. Syst.
- 2007
Defect Identification With Model-Based Test Automation
- Computer Science
- 2003
A Test Automation Framework (TAF) combining tools and methods to automate comprehensive test generation based on models is discussed, which leads to dramatic performance and quality gains relative to manual test generation.
CORAL: A Model-Based Approach to Risk-Driven Security Testing
- Computer Science
- 2016
This thesis proposes a model-based approach to risk-driven security testing, named CORAL, which is specifically developed to help security testers select and design test cases based on the available risk picture, and results indicate that CORAL supports security testers in producing risk models that are valid and directly testable.
Specifying Security Aspects in UML Models
- Computer Science, MODSEC@MoDELS
- 2008
A technique to specify UML security stereotypes is presented, aiming to guide developers by annotating vulnerable model parts and to allow the automatic security test case generation.
References
Using models for test generation and analysis
- Computer Science, 17th DASC. AIAA/IEEE/SAE. Digital Avionics Systems Conference. Proceedings (Cat. No.98CH36267)
- 1998
The results summarized in this paper provide promising evidence that the use of test automation to support the manually intensive test generation and model-based analysis is feasible and practical.
T-VEC: a tool for developing critical systems
- Computer Science, Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96
- 1996
The paper describes the specification model, method, development environment, and tool qualification approach, and the capabilities of the automatic test generator are compared with foundational concepts and related testing strategies and mechanisms.
Automated consistency checking of requirements specifications
- Computer Science, TSEM
- 1996
This article describes a formal analysis technique, called consistency checking, for automatic detection of errors, such as type errors, nondeterminism, missing cases, and circular definitions, in requirements specifications expressed in the SCR (Software Cost Reduction) tabular notation.
Automatic generation of test vectors for SCR-style specifications
- Computer Science, Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance
- 1997
This paper provides the basis for integrating the Software Cost Reduction (SCR) specification method with the T-VEC (Test VECtor) test vector generator and specification analysis system. The SCR…
A Domain Strategy for Computer Program Testing
- Computer Science, IEEE Transactions on Software Engineering
- 1980
This paper presents a testing strategy designed to detect errors in the control flow of a computer program, and the conditions under which this strategy is reliable are given and characterized. The…
Industrial Application of Model-Based Testing
- 16th International Conference and Exposition on Testing Computer Software
- 1999
16th International Conference and Exposition on Testing Computer Software
- June 14-18,
- 1999
In Proceeding of the 12th Annual Conference on Computer Assurance
- Gaithersburg, Maryland, pages 54-67, June,
- 1997
ACM TOSEM
- 5(3):231-261,
- 1996
Test Automation Framework, State-based and Signal Flow Examples
- Twelfth Annual Software Technology Conference
- 2000