A Threat Model Driven Approach for Security Testing

Authors:
Linzhang Wang;Eric Wong;Dianxiang Xu
Affiliations:
Nanjing University, China;University of Texas at Dallas, USA;North Dakota State University, USA
Venue:
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Year:
2007

Citing 12
Cited 5

Black-box testing: techniques for functional testing of software and systems

Black-box testing: techniques for functional testing of software and systems
Writing Secure Code

Writing Secure Code
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model Driven Engineering

IFM '02 Proceedings of the Third International Conference on Integrated Formal Methods
Scenario-Based Monitoring and Testing of Real-Time UML Models

«UML» '01 Proceedings of the 4th International Conference on The Unified Modeling Language, Modeling Languages, Concepts, and Tools
Threat Modeling

Threat Modeling
Software Security Testing

IEEE Security and Privacy
Generating Test Cases from UML Activity Diagram based on Gray-Box Method

APSEC '04 Proceedings of the 11th Asia-Pacific Software Engineering Conference
Software Penetration Testing

IEEE Security and Privacy
Software Security

IEEE Security and Privacy
Timing analysis of UML sequence diagrams

UML'99 Proceedings of the 2nd international conference on The unified modeling language: beyond the standard
Runtime verification of java programs for scenario-based specifications

Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies

The 3rd International Workshop on Software Engineering for Secure Systems SESS07--Dependable and Secure

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Research on software design level security vulnerabilities

ACM SIGSOFT Software Engineering Notes
Using implied scenarios in security testing

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Security mutation testing of the FileZilla FTP server

Proceedings of the 2011 ACM Symposium on Applied Computing
Modeling test cases for security protocols with SecureMDD

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.