Complementary test selection criteria for model-based testing of security components

This article presents a successful industrial application of a model-based testing (MBT) approach to the validation of security components. We present a smart combination of three test selection criteria applied to testing the security requirements of components such as Hardware Security Modules. This combination relies on static test selection criteria, namely structural model coverage, complemented by dynamic test selection criteria, based on abstract test scenarios or temporal properties, designed to target corner cases of security functional requirements. Our approach is implemented in an industrial and scalable MBT tool. We evaluated it and applied it successfully on three real-world security components. The outcome of these experiments showed that the three test selection criteria target distinct kinds of errors in the software and are able to reveal inconsistencies in the specification. Moreover, a 5-year experience of working with both manufacturers and evaluators of security components, along with other industrial collaborations, showed that the approach is easy to adopt in industry and that the time spent learning the methodology is negligible with respect to its benefits. Finally, the approach can be applied in full in a more general context, to systems that undergo thorough validation of compliance to specifications or audits.
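As an added illustration (not the paper's tool, models or data), the following Python sketch contrasts the three kinds of criteria on a constructed state-machine model of a hypothetical HSM-like component: static all-transitions coverage of the model, a dynamic scenario criterion (a regex over operation traces) and a dynamic temporal-property criterion (coverage of a property monitor's transitions, which also reports monitor transitions the model can never reach). The model, the scenario, the monitor and all operation names are assumptions made for the example.

```python
import re
from collections import deque
# Constructed model of a hypothetical HSM-like component: (state, operation) -> next state.
MODEL = {("RESET", "login_ok"): "AUTH", ("RESET", "login_bad"): "RESET",
         ("AUTH", "load_key"): "KEYLOADED", ("AUTH", "logout"): "RESET",
         ("KEYLOADED", "sign"): "KEYLOADED", ("KEYLOADED", "zeroize"): "AUTH",
         ("KEYLOADED", "logout"): "RESET"}
# Abstract test scenario (constructed): a key that has been used must then be zeroized.
SCENARIO = r"login_ok load_key( sign)+ zeroize"
# Monitor for the temporal property "sign is preceded by load_key since the last zeroize or logout".
# WIPED is kept distinct from NOKEY so that the reload-after-zeroize corner case gets targeted.
MONITOR = {("NOKEY", "load_key"): "KEY", ("KEY", "sign"): "KEY", ("KEY", "zeroize"): "WIPED",
           ("KEY", "logout"): "NOKEY", ("WIPED", "load_key"): "KEY",
           ("NOKEY", "sign"): "VIOLATION", ("WIPED", "sign"): "VIOLATION"}

def all_sequences(max_len):
    """Breadth-first enumeration of every model-accepted sequence of 1..max_len operations."""
    out, frontier = [], deque([("RESET", ())])
    while frontier:
        state, seq = frontier.popleft()
        if seq:
            out.append(seq)
        if len(seq) < max_len:
            frontier.extend((dst, seq + (op,)) for (src, op), dst in MODEL.items() if src == state)
    return out

def greedy_cover(automaton, init, max_len):
    """Shortest-first greedy pick until every reachable transition is fired; also returns the unreachable ones."""
    chosen, covered = [], set()
    for seq in all_sequences(max_len):
        state, taken = init, set()
        for op in seq:  # replay seq on the automaton (model or monitor); ops it does not mention are skipped
            if (state, op) in automaton:
                taken.add((state, op))
                state = automaton[(state, op)]
        if taken - covered:
            chosen.append(seq)
            covered |= taken
    return chosen, set(automaton) - covered

def structural_coverage(max_len=5):  # static criterion: all-transitions coverage of the model
    return greedy_cover(MODEL, "RESET", max_len)[0]
def scenario_coverage(max_len=5):  # dynamic criterion: traces matching the abstract scenario
    return [s for s in all_sequences(max_len) if re.fullmatch(SCENARIO, " ".join(s))]
def property_coverage(max_len=5):  # dynamic criterion: cover the property monitor's transitions
    return greedy_cover(MONITOR, "NOKEY", max_len)
def complementary(max_len=5):  # tests the dynamic criteria add beyond structural coverage
    dynamic = set(scenario_coverage(max_len)) | set(property_coverage(max_len)[0])
    return dynamic - set(structural_coverage(max_len))
```

On this model the scenario selects the "sign then zeroize" traces, the property criterion adds the reload-after-zeroize trace, and the two VIOLATION transitions of the monitor are reported as unreachable, which is exactly the kind of check that confirms the model forbids a sign without a loaded key.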
