Model-Based Security Vulnerability Testing

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Percy A. Pari Salas Articles by Padmanabhan Krishnan Articles by Kelvin J. Ross

2007 Australian Software Engineering Conference (ASWEC'07)

Melbourne, Australia

April 10-April 13

ISBN: 0-7695-2778-7

	ASCII Text	x
	Percy A. Pari Salas, Padmanabhan Krishnan, Kelvin J. Ross, "Model-Based Security Vulnerability Testing," Australian Software Engineering Conference, pp. 284-296, 2007 Australian Software Engineering Conference (ASWEC'07), 2007.

	BibTex	x
	@article{ 10.1109/ASWEC.2007.31, author = {Percy A. Pari Salas and Padmanabhan Krishnan and Kelvin J. Ross}, title = {Model-Based Security Vulnerability Testing}, journal ={Australian Software Engineering Conference}, volume = {0}, year = {2007}, issn = {1530-0803}, pages = {284-296}, doi = {http://doi.ieeecomputersociety.org/10.1109/ASWEC.2007.31}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Australian Software Engineering Conference TI - Model-Based Security Vulnerability Testing SN - 1530-0803 SP284 EP296 A1 - Percy A. Pari Salas, A1 - Padmanabhan Krishnan, A1 - Kelvin J. Ross, PY - 2007 KW - null VL - 0 JA - Australian Software Engineering Conference ER -

Percy A. Pari Salas, Bond University, Australia

Padmanabhan Krishnan, Bond University, Australia

Kelvin J. Ross, K.J. Ross & Associates Pty. Ltd., Australia

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ASWEC.2007.31

In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation details are by themselves inadequate for testing security vulnerabilities. We propose a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing. We define a three-model framework: a model or specification of the key aspects of the application, a model of the implementation and a model of the attacker, for automatic test case generation. This separation allows the test case generation process to test contexts missed by other model-based approaches. We also describe the key aspects of our tool that generates the tests.

Citation:

Percy A. Pari Salas, Padmanabhan Krishnan, Kelvin J. Ross, "Model-Based Security Vulnerability Testing," aswec, pp.284-296, 2007 Australian Software Engineering Conference (ASWEC'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.