Extended description techniques for security engineering
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Specification-Based Testing of Firewalls
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Modelling Audit Security for Smart-Cart Payment Schemes with UML-SEC
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications
I3E '01 Proceedings of the IFIP Conference on Towards The E-Society: E-Commerce, E-Business, E-Government
FME '01 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods for Increasing Software Productivity
Traffic Lights - An AutoFocus Case Study
CSD '98 Proceedings of the 1998 International Conference on Application of Concurrency to System Design
Tool Supported Specification and Simulation of Distributed Systems
PDSE '98 Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems
Formally Testing Fail-Safety of Electronic Purse Protocols
Proceedings of the 16th IEEE international conference on Automated software engineering
Model Based Testing in Evolutionary Software Development
RSP '01 Proceedings of the 12th International Workshop on Rapid System Prototyping
Formal Security Analysis with Interacting State Machines
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Formally Testing Fail-Safety of Electronic Purse Protocols
Proceedings of the 16th IEEE international conference on Automated software engineering
Linguistic security testing for text communication protocols
TAIC PART'10 Proceedings of the 5th international academic and industrial conference on Testing - practice and research techniques
Message confidentiality testing of security protocols: passive monitoring and active checking
TestCom'06 Proceedings of the 18th IFIP TC6/WG6.1 international conference on Testing of Communicating Systems
Adaptable, model-driven security engineering for SaaS cloud-based applications
Automated Software Engineering
| Hi-index | 0.00 |
Designing and implementing security-critical systemscorrectly is difficult. In practice, most vulnerabilities arisefrom bugs in implementations. We present work towardssystematic specification-based testing of security-criticalsystems using the CASE tool AutoFocus.Cryptographic systems are formally specified with statetransition diagrams, a notation for state machines in theAutoFocus system. We show how to systematically generatetest sequences for security properties based on the modelthat can be used to test the implementation for vulnerabilities.In particular, we focus on the principle of fail-safety.We explain our method at the example of a part of the CommonElectronic Purse Specifications (CEPS).Most commonly, attacks address vulnerabilities in theway security mechanisms are used, rather than the mechanismsthemselves. Being able to treat security aspects witha general CASE tool within the context of system developmentenables detection of such vulnerabilities.