Title :
Model-Based Security Vulnerability Testing
Author :
Salas, Percy A Pari ; Krishnan, Padmanabhan ; Ross, Kelvin J.
Author_Institution :
Centre for Software Assurance, Bond Univ., Gold Coast, Qld.
Abstract :
In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation details are by themselves inadequate for testing security vulnerabilities. We propose a framework that retains the advantages of model-based testing that exposes only the necessary details relevant for vulnerability testing. We define a three-model framework: a model or specification of the key aspects of the application, a model of the implementation and a model of the attacker, for automatic test case generation. This separation allows the test case generation process to test contexts missed by other model-based approaches. We also describe the key aspects of our tool that generates the tests.
Keywords :
formal specification; program testing; security of data; automatic test case generation; formal specification; model-based security vulnerability testing; Application software; Australia; Automatic testing; Bonding; Context modeling; Databases; Engines; Security; Software testing; System testing;
Conference_Title :
Software Engineering Conference, 2007. ASWEC 2007. 18th Australian
Conference_Location :
Melbourne, Vic.
Print_ISBN :
0-7695-2778-7
DOI :
10.1109/ASWEC.2007.31