Model-based Approach to Security Test Automation
نویسندگان
چکیده
Security functional testing is a costly activity typically performed by security evaluation laboratories. These laboratories have struggled to keep pace with increasing demand to test numerous product variations. This paper summarizes the results of applying a model-based approach to automate functional security testing. The approach involves developing models of security requirements as the basis for automatic test vector and test driver generation. In the application, security properties were modeled and the resulting tests were executed against Oracle and Interbase database engines through a fully automated process. The findings indicate the approach, proven successful in a variety of other application domains, provides a cost-effective solution to functional security testing.
منابع مشابه
Security Functional Testing Using An Interface-Driven Model-Based Test Automation Approach
Independent security functional testing on a product occupies a backseat in traditional security evaluation because of the cost and stringent coverage requirements. In this paper we present the details of an approach we have developed to automate security functional testing. The underlying framework is called TAF (Test Automation Framework) and the toolkit we have developed based on TAF is the ...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملA Systems Approach to Information Technology (IT) Infrastructure Design for Utility Management Automation Systems
Almost all of electric utility companies are planning to improve their management automation system, in order to meet the changing requirements of new liberalized energy market and to benefit from the innovations in information and communication technology (ICT or IT). Architectural design of the utility management automation (UMA) systems for their IT-enabling requires proper selection of ...
متن کاملRisk-Based Vulnerability Testing Using Security Test Patterns
This paper introduces an original security testing approach guided by risk assessment, by means of risk coverage, to perform and automate vulnerability testing for Web applications. This approach, called Risk-Based Vulnerability Testing, adapts Model-Based Testing techniques, which are mostly used currently to address functional features. It also extends Model-Based Vulnerability Testing techni...
متن کاملFrom Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detec...
متن کامل