Inference of message sequence charts
Proceedings of the 22nd international conference on Software engineering
Detecting implied scenarios in message sequence chart specifications
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
Writing Secure Code
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Scenario-Based Analysis of Software Architecture
IEEE Software
Specification-Based Test Generation for Security-Critical Systems Using Mutations
ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
IEEE Security and Privacy
Threat Modeling
Incremental elaboration of scenario-based specifications and behavior models using implied scenarios
ACM Transactions on Software Engineering and Methodology (TOSEM)
Comparison of Scenario-Based Software Architecture Evaluation Methods
APSEC '04 Proceedings of the 11th Asia-Pacific Software Engineering Conference
Model-Based Security Vulnerability Testing
ASWEC '07 Proceedings of the 2007 Australian Software Engineering Conference
A Threat Model Driven Approach for Security Testing
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Detecting Implied Scenarios from Execution Traces
WCRE '07 Proceedings of the 14th Working Conference on Reverse Engineering
Executable misuse cases for modeling security concerns
Proceedings of the 30th international conference on Software engineering
Semi-automated detection of architectural threats for security testing
Proceedings of the doctoral symposium for ESEC/FSE on Doctoral symposium
LTSA-MSC: tool support for behaviour model elaboration using implied scenarios
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Using scenarios to predict the reliability of concurrent component-based software systems
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
The 6th International Workshop on Software Engineering for Secure Systems (SESS'10)
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
| Hi-index | 0.00 |
Existing security testing techniques often fail to reveal critical security threats, partly because testers focus on testing known and expected behaviours, and consequently, ignore testing for unspecified behaviours that are frequently targeted by attackers. The novel contribution of this paper is an exploratory example of the use of Implied Scenarios detection to the problem of security testing. Implied scenarios arise when the desired global behaviour is implemented component-wise. These scenarios can have security consequences on the system, and thus provide useful feedback for the security posture of the system. We introduce the application of Implied Scenario detection for security testing to reveal unexpected interactions between system components. We motivate its need by drawing on the limitations of existing work on testing for security. We adapt a model-driven approach to guide the testing process. We use an example to illustrate the feasibility and the applicability of the suggestion, and for evaluating its potential benefits.