The Community for Technology Leaders
Automation of Software Test, Second International Workshop on (2009)
Vancouver, BC Canada
May 18, 2009 to May 19, 2009
ISBN: 978-1-4244-3711-5
pp: 62-69
Aaron Marback , Department of Computer Science, North Dakota State University, Fargo, 58108, USA
Hyunsook Do , Department of Computer Science, North Dakota State University, Fargo, 58108, USA
Ke He , Department of Computer Science, North Dakota State University, Fargo, 58108, USA
Samuel Kondamarri , Department of Computer Science, North Dakota State University, Fargo, 58108, USA
Dianxiang Xu , Department of Computer Science, North Dakota State University, Fargo, 58108, USA
ABSTRACT
Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, however, it is necessary to put more effort upfront during the software development life cycle. In this paper, we provided a security testing approach that derives test cases from design-level artifacts. The security testing approach we consider consists of four activities: building threat trees from threat modeling; generating security tests from threat trees; generating test inputs including valid and invalid inputs; and assigning input values to parameters. We also conducted an empirical study to show feasibility of our approach.
INDEX TERMS
program testing, security of data, software engineering
CITATION

A. Marback, Hyunsook Do, Ke He, S. Kondamarri and D. Xu, "Security test generation using threat trees," 2009 ICSE Workshop on Automation of Software Test (AST 2009)(AST), Vancouver, BC, 2009, pp. 62-69.
doi:10.1109/IWAST.2009.5069042
93 ms
(Ver 3.3 (11022016))