Towards Automation of Testing High-Level Security Properties

Authors:
Aiman Hanna;Hai Zhou Ling;Jason Furlong;Mourad Debbabi
Affiliations:
Computer Security Laboratory, CIISE, Concordia University, Montreal (QC), Canada;Computer Security Laboratory, CIISE, Concordia University, Montreal (QC), Canada;Computer Security Laboratory, CIISE, Concordia University, Montreal (QC), Canada;Computer Security Laboratory, CIISE, Concordia University, Montreal (QC), Canada
Venue:
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2008

Citing 9
Cited 1

Automated Software Test Data Generation

IEEE Transactions on Software Engineering
The chaining approach for software test data generation

ACM Transactions on Software Engineering and Methodology (TOSEM)
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
SELECT—a formal system for testing and debugging programs by symbolic execution

Proceedings of the international conference on Reliable software
Data Dependence Based Testability Transformation in Automated Test Generation

ISSRE '05 Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering
Compiler generation from structural architecture descriptions

CASES '07 Proceedings of the 2007 international conference on Compilers, architecture, and synthesis for embedded systems
Team Edit Automata for Testing Security Property

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
A System to Generate Test Data and Symbolically Execute Programs

IEEE Transactions on Software Engineering
Automatic generation of random self-checking test cases

IBM Systems Journal

One approach to the testing of security of proposed database application software

Proceedings of the 15th WSEAS international conference on Computers

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many security problems only become apparent after software is deployed, and in many cases a failure has occurred prior to the awareness of the problem. Although many would argue that the simpler solution to the problem would be to test the software before deploying it. Although we support this argument, we understand that it is not necessarily applicable in a modern development environment. Software testing is labor intensive and is very expensive from a time and cost perspective. While much research has been undertake to automate software testing, very little has been directed at security testing. Additionally, the majority of these efforts have targeted low-level security (safety) instead of high-level security. In this paper, we present elements of a solution towards automation of testing security properties and for the generation of test data suites for detecting security vulnerabilities in software.