SETAM: An Integrated Model for Software Security Testing Requirements Behavior

Cited by: 0
Authors
Hui, Zhanwei [1]
Huang, Song [1, 2]
Liu, Xiaoming [1, 2]
Hu, Bin [1, 2]
Affiliations
[1] Univ Sci & Technol, Software Testing & Evaluat Ctr PLA, Nanjing 210007, Jiangsu, Peoples R China
[2] PLA Software Test & Evaluat Ctr Mil Training, Nanjing 210007, Jiangsu, Peoples R China
Funding
National High Technology Research and Development Program of China (863 Program);
Keywords
Security testing; Security Adversary testing; Security Use Cases; Misuse Cases;
DOI
Not available
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
Security requirements engineers usually only need to provide software security requirements (SSR), and they unnecessarily specify software security behavior mechanisms, which are critical not only for software security design but also for software security testing. After discussing the relations and differences between security use cases and misuse cases, and analyzing the relation among software security function testing, software security adversary testing and software security adversary testing, we provide an integrated model, SETAM, for software security testing requirements, which is based on security function testing use cases and adversary testing use cases. And at last, we compare them on different characteristics, and show our experiment results at the end of our paper, which would also illustrate the effectiveness of our model.
Pages: 4435 / 4442
Number of pages: 8
Related papers
50 items in total
  • [31] Towards security requirements management for software product lines:: A security domain requirements engineering process
    Mellado, Daniel
    Fernandez-Medina, Eduardo
    Piattini, Mario
    COMPUTER STANDARDS & INTERFACES, 2008, 30 (06) : 361 - 371
  • [32] Towards an Integrated Model for Safety and Security Requirements of Cyber-Physical Systems
    Brunner, Michael
    Huber, Michael
    Sauerwein, Clemens
    Breu, Ruth
    2017 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C), 2017, : 334 - 340
  • [33] Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems
    Salini, P.
    Kanmani, S.
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2016, 15 (03) : 319 - 334
  • [34] Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems
    P. Salini
    S. Kanmani
    International Journal of Information Security, 2016, 15 : 319 - 334
  • [35] Security Guarantees for Automated Software Testing
    Liyanage, Danushka
    PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), 2021, : 1610 - 1614
  • [36] A Regression Model Based Approach for Identifying Security Requirements in Open Source Software Development
    Wang, Wentao
    Hussein, Nesrin
    Gupta, Arushi
    Wang, Yinglin
    2017 IEEE 25TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE WORKSHOPS (REW), 2017, : 443 - 446
  • [37] Information Security Protection in Software Testing
    Wang, Yubin
    Yao, Jinyu
    Yu, Xiaoxue
    2018 14TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2018, : 449 - 452
  • [38] Data Oriented Software Security Testing
    Hong Yu
    Liu Xiao-ming
    Huang Song
    Zheng Chang-you
    PROCEEDINGS OF THE 2012 SECOND INTERNATIONAL CONFERENCE ON INSTRUMENTATION & MEASUREMENT, COMPUTER, COMMUNICATION AND CONTROL (IMCCC 2012), 2012, : 676 - 679
  • [39] On Testing Security Requirements in Industry - A Survey Study
    Kopczynska, Sylwia
    Vieira, Daniel Craviee De Abreu
    Ochodek, Miroslaw
    REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY, REFSQ 2022, 2022, 13216 : 183 - 198
  • [40] Testing Security Requirements with Non-Experts
    Peischl, Bernhard
    Felderer, Michael
    Beer, Armin
    2016 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS 2016), 2016, : 254 - 261