A threat model‐based approach to security testing

Software security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it is a well‐accepted practice in industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model‐based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three main activities: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree‐based approach is effective in exposing vulnerabilities. Copyright © 2012 John Wiley & Sons, Ltd.
