Model-Based Security Vulnerability Testing

In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation det...

Full description

Saved in:
Bibliographic Details
Main Authors: Salas, P.A.P., Padmanabhan Krishnan, Ross, K.J.
Format: Conference Proceeding
Language:English
Subjects:
Application software
Australia
Automatic testing
Bonding
Context modeling
Engines
Security
Software testing
System testing
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation details are by themselves inadequate for testing security vulnerabilities. We propose a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing. We define a three-model framework: a model or specification of the key aspects of the application, a model of the implementation and a model of the attacker, for automatic test case generation. This separation allows the test case generation process to test contexts missed by other model-based approaches. We also describe the key aspects of our tool that generates the tests.
ISSN:1530-0803
2377-5408
DOI:10.1109/ASWEC.2007.31