Towards Model-Based Automatic Testing of Attack Scenarios

Authors:
M. Zulkernine;M. F. Raihan;M. G. Uddin
Affiliations:
School of Computing, Queen's University, Kingston, Canada K7L 3N6;School of Computing, Queen's University, Kingston, Canada K7L 3N6;Department of Electrical and Computer Engineering, Queen's University, Kingston, Canada K7L 3N6
Venue:
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
Year:
2009

Citing 12
Cited 2

Model-based testing in practice

Proceedings of the 21st international conference on Software engineering
Specification-Based Test Generation for Security-Critical Systems Using Mutations

ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Testing for Software Vulnerability Using Environment Perturbation

DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Automated Testing of Security Functions Using a Combined Model and Interface-Driven Approach

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
Software Security Testing

IEEE Security and Privacy
Software Penetration Testing

IEEE Security and Privacy
Sound methods and effective tools for model-based security engineering with UML

Proceedings of the 27th international conference on Software engineering
Tools for model-based security engineering

Proceedings of the 28th international conference on Software engineering
Dynamic Software Security Testing

IEEE Security and Privacy
Identifying andTesting for Insecure Paths in Cryptographic Protocol Implementations

COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 02
AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Model-Based Security Vulnerability Testing

ASWEC '07 Proceedings of the 2007 Australian Software Engineering Conference

SETER: Towards Architecture-Model Based Security Engineering

International Journal of Secure Software Engineering
A test-based security certification scheme for web services

ACM Transactions on the Web (TWEB)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Model-based testing techniques play a vital role in producing quality software. However, compared to the testing of functional requirements, these techniques are not prevalent that much in testing software security. This paper presents a model-based approach to automatic testing of attack scenarios. An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios. The techniques adopted in the framework are applicable in general to the systems, where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines. The attack events, i.e., attack test vectors chosen from the attacks happening in real-world are converted to the test driver specific events ready to be tested against the attack signatures. The proposed framework is implemented and evaluated using the most common attack scenarios. The framework is useful to test software with respect to potential attacks which can significantly reduce the risk of security vulnerabilities.