Title :
TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing
Author :
Kobashi, Takanori ; Yoshizawa, Masatoshi ; Washizaki, Hironori ; Fukazawa, Yoshiaki ; Yoshioka, Nobukazu ; Okubo, Takano ; Kaiya, Haruhiko
Author_Institution :
Comput. Sci. & Eng. Dept., Waseda Univ., Tokyo, Japan
Abstract :
Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
Keywords :
formal specification; program testing; program verification; security of data; software tools; TESEM; design-level pattern; development process; development stage; model testing; requirement-level pattern; security design pattern application verification; software product; test driven secure modeling tool; threat specification; vulnerability specification; Generators; Security; Software; Systematics; Testing; Unified modeling language;
Conference_Titel :
Software Testing, Verification and Validation (ICST), 2015 IEEE 8th International Conference on
Conference_Location :
Graz
DOI :
10.1109/ICST.2015.7102633
