Model-based testing techniques play a vital role in producing quality software. However, compared with the testing of functional requirements, these techniques are not as prevalent in testing software security. This paper presents a model-based approach to the automatic testing of attack scenarios. An attack testing framework is proposed to model attack scenarios and to test the system with respect to the modeled attack scenarios. The techniques adopted in the framework are applicable in general to systems where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines. The attack events, i.e., attack test vectors chosen from attacks happening in the real world, are converted to test-driver-specific events ready to be tested against the attack signatures. The proposed framework is implemented and evaluated using the most common attack scenarios. The framework is useful for testing software with respect to potential attacks, which can significantly reduce the risk of security vulnerabilities.