DocumentCode :
2094874
Title :
An Attack Scenario Based Approach for Software Security Testing at Design Stage
Author :
He, Ke ; Feng, Zhiyong ; Li, Xiaohong
Author_Institution :
Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China
Volume :
1
fYear :
2008
fDate :
20-22 Dec. 2008
Firstpage :
782
Lastpage :
787
Abstract :
This paper presents an attack scenario based approach for software security testing at design stage. Attack scenarios are represented as extended activity diagram (EAD) and new unified threat model (NUTM). Security test cases are derived from attack scenarios automatically according to coverage criteria of complex attack path. These test cases are applied to test the security of system. According to test case results, the system can be improved by mitigations. In addition, attack pattern and security pattern are provided for developers to characterize and reuse well-studied attacks and mitigations in a quick and correct way. We illustrate our approach with an example of online banking system. The example shows that our attack scenario based approach can help developers to test the system's response to potential attacks and then improve system design to satisfy necessary security requirements at early design stage.
Keywords :
security of data; software engineering; attack pattern; attack scenario; extended activity diagram; new unified threat model; online banking system; security pattern; software attack; software design; software security testing; system security; Automatic testing; Banking; Computer science; Computer security; Helium; Information security; Logic; Software testing; System testing; Turing machines; attack scenario; software security testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Science and Computational Technology, 2008. ISCSCT '08. International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-3746-7
Type :
conf
DOI :
10.1109/ISCSCT.2008.116
Filename :
4731541
Link To Document :