Model-based Security Testing Using UMLsec: A Case Study

Cited by: 29
Authors
Juerjens, Jan [1]
Affiliation
[1] Open Univ, Comp Dept, Milton Keynes, Bucks, England
Keywords
Model-based Testing; UML; Security; UMLsec
DOI
10.1016/j.entcs.2008.11.008
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties from the model; these sequences can then be used to test the implementation for vulnerabilities. We explain our method using the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard.
Pages: 93-104
Number of pages: 12
Related papers
50 in total
  • [1] Model-based security engineering of distributed information systems using UMLsec
    Best, Bastian
    Jurjens, Jan
    Nuseibeh, Bashar
    ICSE 2007: 29TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, PROCEEDINGS, 2007, : 581 - +
  • [2] Model-Based Security Testing
    Schieferdecker, Ina
    Grossmann, Juergen
    Schneider, Martin
    ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE, 2012, (80): : 1 - 12
  • [3] Model-based security vulnerability testing
    Pari Salas, Percy A.
    Krishnan, Padmanabhan
    Ross, Kelvin J.
    2007 AUSTRALIAN SOFTWARE ENGINEERING CONFERENCE, PROCEEDINGS, 2007, : 284 - +
  • [4] A case study in model-based testing of specifications and implementations
    Miller, Tim
    Strooper, Paul
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2012, 22 (01): : 33 - 63
  • [5] Model-Based Testing of SDN Firewalls: A Case Study
    Alsmadi, Izzat
    Munakami, Milson
    Xu, Dianxiang
    2015 SECOND INTERNATIONAL CONFERENCE ON TRUSTWORTHY SYSTEMS AND THEIR APPLICATIONS, 2015, : 73 - 80
  • [6] A threat model-based approach to security testing
    Marback, Aaron
    Do, Hyunsook
    He, Ke
    Kondamarri, Samuel
    Xu, Dianxiang
    SOFTWARE-PRACTICE & EXPERIENCE, 2013, 43 (02): : 241 - 258
  • [7] Model-Based Security Testing of Vehicle Networks
    Sommer, Florian
    Kriesten, Reiner
    Kargl, Frank
    2021 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND COMPUTATIONAL INTELLIGENCE (CSCI 2021), 2021, : 685 - 691
  • [8] Architecture conformance analysis using model-based testing: A case study approach
    Uzun, Burak
    Tekinerdogan, Bedir
    SOFTWARE-PRACTICE & EXPERIENCE, 2019, 49 (03): : 423 - 448
  • [9] Model-based Security Testing: an Empirical Study on OAuth 2.0 Implementations
    Yang, Ronghai
    Li, Guanchen
    Lau, Wing Cheong
    Zhang, Kehuan
    Hu, Pili
    ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, : 651 - 662
  • [10] Using Feature Model to Support Model-Based Testing of Product Lines: An Industrial Case Study
    Wang, Shuai
    Ali, Shaukat
    Yue, Tao
    Liaaen, Marius
    2013 13TH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE (QSIC), 2013, : 75 - 84