Evolution of security requirements tests for service-centric systems

Authors:
Michael Felderer;Berthold Agreiter;Ruth Breu
Affiliations:
Institute of Computer Science, University of Innsbruck, Austria;Institute of Computer Science, University of Innsbruck, Austria;Institute of Computer Science, University of Innsbruck, Austria
Venue:
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Year:
2011

Citing 10
Cited 1

Automated regression testing using DBT and Sleuth

Journal of Software Maintenance: Research and Practice
UMLsec: Extending UML for Secure Systems Development

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
An approach for selective state machine based regression testing

Proceedings of the 3rd international workshop on Advances in model-based testing
Software Evolution

Software Evolution
Generating security tests in addition to functional tests

Proceedings of the 3rd international workshop on Automation of software test
Automating regression test selection based on UML designs

Information and Software Technology
Security Engineering for Service-Oriented Architectures

Security Engineering for Service-Oriented Architectures
Towards Adaptive Test Code Generation for Service Oriented Systems

QSIC '09 Proceedings of the 2009 Ninth International Conference on Quality Software
Ten Principles for Living Models - A Manifesto of Change-Driven Software Engineering

CISIS '10 Proceedings of the 2010 International Conference on Complex, Intelligent and Software Intensive Systems
Why Measuring Security Is Hard

IEEE Security and Privacy

A generic platform for model-based regression testing

ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is an important quality aspect of open service-- centric systems. However, it is challenging to keep such systems secure because of steady evolution. Thus, security requirements testing, considering system changes is crucial to provide a certain level of reliability in a service-centric system. In this paper, we present a model-driven method to system level security testing of service-centric systems focusing on the aspect of requirements, system and test evolution. As requirements and the system may change over time, regular adaptations to the tests of security requirements are essential to retain, or even improve, system quality. We attach state machines to all model elements of our systemand test model to obtain consistent and traceable evolution of the system and its tests. We highlight the specifics for the evolution of security requirements, and show by a case study how changes of the attached tests are managed.