Black-box testing: techniques for functional testing of software and systems
Black-box testing: techniques for functional testing of software and systems
Writing Secure Code
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
IFM '02 Proceedings of the Third International Conference on Integrated Formal Methods
Scenario-Based Monitoring and Testing of Real-Time UML Models
«UML» '01 Proceedings of the 4th International Conference on The Unified Modeling Language, Modeling Languages, Concepts, and Tools
Threat Modeling
IEEE Security and Privacy
Generating Test Cases from UML Activity Diagram based on Gray-Box Method
APSEC '04 Proceedings of the 11th Asia-Pacific Software Engineering Conference
IEEE Security and Privacy
IEEE Security and Privacy
Timing analysis of UML sequence diagrams
UML'99 Proceedings of the 2nd international conference on The unified modeling language: beyond the standard
Runtime verification of java programs for scenario-based specifications
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Research on software design level security vulnerabilities
ACM SIGSOFT Software Engineering Notes
Using implied scenarios in security testing
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Security mutation testing of the FileZilla FTP server
Proceedings of the 2011 ACM Symposium on Applied Computing
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.