• Corpus ID: 16803955

Model-based Approach to Security Test Automation

Mark R. Blackburn, Robert Busser, Aaron Nauman, Ramaswamy Chandramouli

Security functional testing is a costly activity typically performed by security evaluation laboratories. These laboratories have struggled to keep pace with increasing demand to test numerous product variations. This paper summarizes the results of applying a model-based approach to automate functional security testing. The approach involves developing models of security requirements as the basis for automatic test vector and test driver generation. In the application, security properties were… 

Model-Based Security Testing

This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

A Security Assurance Framework Combining Formal Verification and Security Functional Testing

A framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure; comparison results from mutation testing explore the efficiency of this test approach.

Interface-driven Model-based Test Generation of Java Test Drivers

This paper extends prior work in model-based verification and describes interface-driven analysis that combines textual requirement modeling to support automated test generation of Java test scripts.

Interface-Driven Model-Based Generation of Java Test Drivers

This paper describes interface-driven analysis that combines with a requirement model to support automated generation of Java test scripts to support security functionality of an Oracle database using Java and Structured Query Language (SQL) test drivers.

Towards Model-Based Automatic Testing of Attack Scenarios

An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios; it is applicable in general to systems where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines.

Knowledge-based security testing of web applications by logic programming

The method and its model-based tool implementation are evaluated in two studies, which show the method’s effectiveness in detecting vulnerabilities in web applications and thus also its value in making software systems more secure.

Automated Security Test Generation with Formal Threat Models

This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transition nets, which generates all attack paths from a threat model and converts them into executable test code according to the given Model-Implementation Mapping (MIM) specification.

Defect Identification With Model-Based Test Automation

A Test Automation Framework (TAF) combining tools and methods to automate comprehensive test generation based on models is discussed, which leads to dramatic performance and quality gains relative to manual test generation.

A threat model‐based approach to security testing

A threat model‐based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests and is effective in exposing vulnerabilities is proposed.

Modeling test cases for security protocols with SecureMDD



Using models for test generation and analysis

  • M. Blackburn
  • Computer Science
    17th DASC. AIAA/IEEE/SAE. Digital Avionics Systems Conference. Proceedings (Cat. No.98CH36267)
  • 1998
The results summarized in this paper provide promising evidence that the use of test automation to support the manually intensive test generation and model-based analysis is feasible and practical.

T-VEC: a tool for developing critical systems

  • M. Blackburn, R. Busser
  • Computer Science
    Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96
  • 1996
The paper describes the specification model, method, development environment, and tool qualification approach, and the capabilities of the automatic test generator are compared with foundational concepts and related testing strategies and mechanisms.

Automated consistency checking of requirements specifications

This article describes a formal analysis technique, called consistency checking, for automatic detection of errors, such as type errors, nondeterminism, missing cases, and circular definitions, in requirements specifications expressed in the SCR (Software Cost Reduction) tabular notation.

Automatic generation of test vectors for SCR-style specifications

This paper provides the basis for integrating the Software Cost Reduction (SCR) specification method with the T-VEC (Test VECtor) test vector generator and specification analysis system. The SCR

A Domain Strategy for Computer Program Testing

This paper presents a testing strategy designed to detect errors in the control flow of a computer program, and the conditions under which this strategy is reliable are given and characterized. The

Industrial Application of Model-Based Testing

  • 16th International Conference and Exposition on Testing Computer Software
  • 1999

16th International Conference and Exposition on Testing Computer Software

  • June 14-18,
  • 1999

In Proceeding of the 12th Annual Conference on Computer Assurance

  • Gaithersburg, Maryland, pages 54-67, June,
  • 1997


Test Automation Framework, State-based and Signal Flow Examples

  • Twelfth Annual Software Technology Conference
  • 2000