Security test generation using threat trees

Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, it is necessary to put more effort upfront during the software development life cycle. In this paper, we present a security testing approach that derives test cases from design-level artifacts. The approach consists of four activities: building threat trees from threat modeling; generating security tests from threat trees; generating test inputs, including valid and invalid inputs; and assigning input values to parameters. We also conducted an empirical study to show the feasibility of our approach.
