Model-based Security Testing Using UMLsec: A Case Study

Cited by: 29
Authors
Juerjens, Jan [1]
Affiliation
[1] Open Univ, Comp Dept, Milton Keynes, Bucks, England
Keywords
Model-based Testing; UML; Security; UMLsec
DOI
10.1016/j.entcs.2008.11.008
Chinese Library Classification number
TP301 [Theory, methods]
Discipline classification code
081202
Abstract
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard.
Pages: 93 - 104
Number of pages: 12
Related papers
50 in total
  • [21] Model-based Automated Testing of Mobile Applications: An Industrial Case Study
    Karlsson, Stefan
    Causevic, Adnan
    Sundmark, Daniel
    Larsson, Marten
    2021 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2021), 2021, : 130 - 137
  • [22] Model-based mutation testing from security protocols in HLPSL
    Dadeau, Frederic
    Heam, Pierre-Cyrille
    Kheddam, Rafik
    Maatoug, Ghazi
    Rusinowitch, Michael
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2015, 25 (5-7): : 684 - 711
  • [23] Vulnerability Model-based Web Applications Security Testing Approach
    He Cheng
    Liu Yanfei
    ADVANCES IN MECHATRONICS AND CONTROL ENGINEERING III, 2014, 678 : 468 - 472
  • [24] MobSTer: A model-based security testing framework for web applications
    Peroli, Michele
    De Meo, Federico
    Vigano, Luca
    Guardini, Davide
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2018, 28 (08):
  • [25] A model-based approach to the security testing of network protocol implementations
    Allen, William H.
    Dou, Chin
    Marin, Gerald A.
    31ST IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, 2006, : 1008 - +
  • [26] A Model-Based Framework for Security Policy Specification, Deployment and Testing
    Mouelhi, Tejeddine
    Fleurey, Franck
    Baudry, Benoit
    Le Traon, Yves
    MODEL DRIVEN ENGINEERING LANGUAGES AND SYSTEMS, PROCEEDINGS, 2008, 5301 : 537 - 552
  • [27] Survey of Model-Based Security Testing Approaches in the Automotive Domain
    Sommer, Florian
    Kriesten, Reiner
    Kargl, Frank
    IEEE ACCESS, 2023, 11 : 55474 - 55514
  • [28] Model-based security testing in IoT systems: A Rapid Review
    Lonetti, Francesca
    Bertolino, Antonia
    Di Giandomenico, Felicita
    INFORMATION AND SOFTWARE TECHNOLOGY, 2023, 164
  • [29] Model-based Testing and Monitoring using AgileUML
    Lano, Kevin
    Jin, Kunxiang
    Tyagi, Shefali
    12TH INTERNATIONAL CONFERENCE ON AMBIENT SYSTEMS, NETWORKS AND TECHNOLOGIES (ANT) / THE 4TH INTERNATIONAL CONFERENCE ON EMERGING DATA AND INDUSTRY 4.0 (EDI40) / AFFILIATED WORKSHOPS, 2021, 184 : 773 - 778
  • [30] Model-based security testing: Deriving test models from artefacts of security engineering
    Lunkeit, Armin
    Schieferdecker, Ina
    2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW), 2018, : 244 - 251