Generating security tests in addition to functional tests

Authors:
Jacques Julliand;Pierre-Alain Masson;Regis Tissot
Affiliations:
LIFC - Laboratoire d'Informatique de l'Universite de Fran he-Comte, Besancon, France;LIFC - Laboratoire d'Informatique de l'Universite de Fran he-Comte, Besancon, France;LIFC - Laboratoire d'Informatique de l'Universite de Fran he-Comte, Besancon, France
Venue:
Proceedings of the 3rd international workshop on Automation of software test
Year:
2008

Citing 8
Cited 10

TGV: theory, principles and algorithms: A tool for the automatic synthesis of conformance test cases for non-deterministic reactive systems

International Journal on Software Tools for Technology Transfer (STTT) - Special section on high-level test of complex systems
Practical Model-Based Testing: A Tools Approach

Practical Model-Based Testing: A Tools Approach
Automatic generation of model based tests for a class of security properties

Proceedings of the 3rd international workshop on Advances in model-based testing
Mastering combinatorial explosion with the tobias-2 test generator

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Testing Security Policies: Going Beyond Functional Testing

ISSRE '07 Proceedings of the The 18th IEEE International Symposium on Software Reliability
Integrating formal verification and conformance testing for reactive systems

IEEE Transactions on Software Engineering
Safety property driven test generation from JML specifications

FATES'06/RV'06 Proceedings of the First combined international conference on Formal Approaches to Software Testing and Runtime Verification
LEIRIOS test generator: automated test generation from b models

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B

Generating Tests from B Specifications and Test Purposes

ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
A Verifiable Conformance Relationship between Smart Card Applets and B Security Models

ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
jSynoPSys -- A Scenario-Based Testing Tool based on the Symbolic Animation of B Machines

Electronic Notes in Theoretical Computer Science (ENTCS)
Syntactic abstraction of B models to generate tests

TAP'10 Proceedings of the 4th international conference on Tests and proofs
Evolution of security requirements tests for service-centric systems

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Association of under-approximation techniques for generating tests from models

TAP'11 Proceedings of the 5th international conference on Tests and proofs
A model-based approach to automated testing of access control policies

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
A taxonomy of model-based testing approaches

Software Testing, Verification & Reliability
Scenario-based testing using symbolic animation of B models

Software Testing, Verification & Reliability
B model slicing and predicate abstraction to generate tests

Software Quality Control

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper is about generating security tests, in addition to functional tests previously generated by a model-based testing approach. The method that we present re-uses the functional model and the adaptation layer developed for the functional testing, and relies on an additional security model. We propose to compute the tests by using some test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need issued from the know-how of a security engineer. We propose a language based on regular expressions for the expression of such test purposes. We illustrate our approach with experiments on IAS.