Evolution of Security Requirements Tests for Service-Centric Systems

Security is an important quality aspect of open service-centric systems. However, it is challenging to keep such systems secure because they evolve steadily. Thus, security requirements testing that considers system changes is crucial to provide a certain level of reliability in a service-centric system. In this paper, we present a model-driven method for system-level security testing of service-centric systems, focusing on the evolution of requirements, system and tests. As requirements and the system may change over time, regular adaptations to the tests of security requirements are essential to retain, or even improve, system quality. We attach state machines to all model elements of our system and test model to obtain consistent and traceable evolution of the system and its tests. We highlight the specifics of the evolution of security requirements, and show by a case study how changes to the attached tests are managed.
