The quality of software systems strongly depends on their architecture. For this reason, taking security requirements into account at the architecture level is crucial for the success of secure software development. Today, systems are permanently evolving due to customer needs, technology evolution or maintenance constraints. Thus, a resilient secure system is expected to evolve towards greater satisfaction of its security requirements (Guelfi 2011). In particular, such an evolution process should identify and eliminate faults and vulnerabilities during the development process or at runtime. This study focuses on the design phases and aims to propose a resilient software engineering process guaranteeing the development of secure systems that satisfy their critical requirements. During the development process, the system is expected to evolve until it reaches satisfactory compliance with its requirements. The satisfaction computation is based on the quantification of failures and degradations. In this paper, the authors propose a novel architecture model-based security testing approach for identifying faults and vulnerabilities. The originality of the proposal resides in the use of the architecture model for security testing and in coupling security requirements with a threat model to generate both security functional test cases and malicious test cases. The assessment of the satisfaction of the security requirements and of the overall system resilience is based on the analysis of test traces. Throughout this study, a client-server system is used as a running example to illustrate the approach.