Design patterns: elements of reusable object-oriented software
Software security vulnerability testing in hostile environments
Proceedings of the 2002 ACM symposium on Applied computing
Testing network-based intrusion detection signatures using mutant exploits
Proceedings of the 11th ACM conference on Computer and communications security
UMLintr: A UML Profile for Specifying Intrusions
ECBS '06 Proceedings of the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems
Using Attack Injection to Discover New Vulnerabilities
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Analysis of the SSL 3.0 protocol
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
ICSTW '08 Proceedings of the 2008 IEEE International Conference on Software Testing Verification and Validation Workshop
Security Protocol Testing Using Attack Trees
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 02
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
Communication systems are inherently buggy. These flaws can lead to security breaches in applications, which a malicious user could exploit to cause security failures in the system and, under certain circumstances, to take complete control of the vulnerable system. In this paper, we introduce a novel attack injection approach based on attack modeling to perform security testing and detect potential security vulnerabilities. We use attack trees to describe the system flaws and derive corresponding attack scenarios. The attack scenarios are refined into executable scripts for the testing tools that inject the attacks against the system. The approach is applied to the Wireless Application Protocol (WAP) currently used in low-tier mobile devices. We carried out experiments using real attacks such as Denial of Service (DoS) and Cipher Suite Rollback attacks. The experimental results show that the approach can achieve high efficiency in uncovering vulnerabilities.