Foundations of attack-defense trees
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Technical Communication: Attribution of attack trees
Computers and Electrical Engineering
A model-based attack injection approach for security validation
Proceedings of the 4th international conference on Security of information and networks
Computational aspects of attack---defense trees
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
In this paper we present an attack injectionapproach for security protocol testing aiming atvulnerability detection. We use attack tree model todescribe known attacks and derive injection testscenarios to test the security properties of the protocolunder evaluation. The test scenarios are converted to aspecific fault injector script after performing sometransformations. The attacker is emulated using a faultinjector. This model based approach facilitates thereusability and maintainability of the generatedinjection attacks as well as the generation of faultinjectors scripts. The approach is applied to anexisting mobile security protocol. We performedexperiments with truncation and DoS attacks; resultsshow good precision and efficiency in the injectionmethod.