Software fault injection: inoculating programs against errors
Software fault injection: inoculating programs against errors
Specification and development of interactive systems: focus on streams, interfaces, and refinement
Specification and development of interactive systems: focus on streams, interfaces, and refinement
Semi-formal test generation with genevieve
Proceedings of the 38th annual Design Automation Conference
Extended description techniques for security engineering
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Formal Eavesdropping and Its Computational Interpretation
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
Specification-Based Test Generation for Security-Critical Systems Using Mutations
ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Specification-Based Testing of Firewalls
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Automating Test Case Generation from Z Specifications with Isabelle
ZUM '97 Proceedings of the 10th International Conference of Z Users on The Z Formal Specification Notation
Automating the Generation and Sequencing of Test Cases from Model-Based Specifications
FME '93 Proceedings of the First International Symposium of Formal Methods Europe on Industrial-Strength Formal Methods
Criteria for Generating Specification-Based Tests
ICECCS '99 Proceedings of the 5th International Conference on Engineering of Complex Computer Systems
Specification-Based Test Generation for Security-Critical Systems Using Mutations
ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Sound development of secure service-based systems
Proceedings of the 2nd international conference on Service oriented computing
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Test Case Generation by OCL Mutation and Constraint Solving
QSIC '05 Proceedings of the Fifth International Conference on Quality Software
Refinement and Test Case Generation in UTP
Electronic Notes in Theoretical Computer Science (ENTCS)
Model-based Security Testing Using UMLsec
Electronic Notes in Theoretical Computer Science (ENTCS)
Towards Model-Based Automatic Testing of Attack Scenarios
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
Protocol-Based Testing of Firewalls
SEEFM '09 Proceedings of the 2009 Fourth South-East European Workshop on Formal Methods
Using implied scenarios in security testing
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Linguistic security testing for text communication protocols
TAIC PART'10 Proceedings of the 5th international academic and industrial conference on Testing - practice and research techniques
Developing high-assurance secure systems with UML: a smartcard-based purchase protocol
HASE'04 Proceedings of the Eighth IEEE international conference on High assurance systems engineering
Testing techniques in software engineering
Testing techniques in software engineering
Security mutants for property-based testing
TAP'11 Proceedings of the 5th international conference on Tests and proofs
Message confidentiality testing of security protocols: passive monitoring and active checking
TestCom'06 Proceedings of the 18th IFIP TC6/WG6.1 international conference on Testing of Communicating Systems
Enabling security testing from specification to code
IFM'05 Proceedings of the 5th international conference on Integrated Formal Methods
From faults via test purposes to test cases: on the fault-based testing of concurrent systems
FASE'06 Proceedings of the 9th international conference on Fundamental Approaches to Software Engineering
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool AUTOFOCUS. The test sequences are determined with respect to the system's required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.