Towards Risk-Driven Security Testing of Service Centric Systems

The increased deployment of service centric systems in security critical application contexts poses new challenges to properly testing such a system's security. Given the inherent complexity of such applications, sophisticated approaches to testing security are indispensable. In our paper we propose a novel model-based methodology for the risk-driven security testing of service centric systems.
