Software Engineering Conference, Australian (2007)
Apr. 10, 2007 to Apr. 13, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ASWEC.2007.31
Kelvin J. Ross , K.J. Ross & Associates Pty. Ltd., Australia
Padmanabhan Krishnan , Bond University, Australia
Percy A. Pari Salas , Bond University, Australia
In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation details are by themselves inadequate for testing security vulnerabilities. We propose a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing. We define a three-model framework: a model or specification of the key aspects of the application, a model of the implementation and a model of the attacker, for automatic test case generation. This separation allows the test case generation process to test contexts missed by other model-based approaches. We also describe the key aspects of our tool that generates the tests.
Kelvin J. Ross, Padmanabhan Krishnan, Percy A. Pari Salas, "Model-Based Security Vulnerability Testing", Software Engineering Conference, Australian, vol. 00, no. , pp. 284-296, 2007, doi:10.1109/ASWEC.2007.31