Title :
Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)
Author :
Hanna, Aiman ; Ling, Hai Zhou ; Furlong, Jason ; Yang, Zhenrong ; Debbabi, Mourad
Author_Institution :
Comput. Security Lab., Concordia Univ., Montreal, QC
Abstract :
In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.
Keywords :
program testing; security of data; security chaining approach; security vulnerability detection process; software security testing; team edit automata; Automata; Automatic testing; Automation; Computer security; Data analysis; Data security; Engines; Monitoring; Software quality; Software testing; Control Flow Analysis; Data Dependency; Dynamic Analysis; Security Automata; Security Testing; Test-Data Generation;
Conference_Title :
Quality Software, 2008. QSIC '08. The Eighth International Conference on
Conference_Location :
Oxford
Print_ISBN :
978-0-7695-3312-4
DOI :
10.1109/QSIC.2008.35