Model-based Security Testing Using UMLsec A Case Study

被引:29
|
作者
Juerjens, Jan [1 ]
机构
[1] Open Univ, Comp Dept, Milton Keynes, Bucks, England
来源
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE | 2008年 / 220卷 / 01期
关键词
Model-based Testing; UML; Security; UMLsec;
D O I
10.1016/j.entcs.2008.11.008
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard.
引用
收藏
页码:93 / 104
页数:12
相关论文
共 50 条
  • [1] Survey of Model-Based Security Testing Approaches in the Automotive Domain
    Sommer, Florian
    Kriesten, Reiner
    Kargl, Frank
    IEEE ACCESS, 2023, 11 : 55474 - 55514
  • [2] Model-Based Testing of SDN Firewalls: A Case Study
    Alsmadi, Izzat
    Munakami, Milson
    Xu, Dianxiang
    2015 SECOND INTERNATIONAL CONFERENCE ON TRUSTWORTHY SYSTEMS AND THEIR APPLICATIONS, 2015, : 73 - 80
  • [3] Architecture conformance analysis using model-based testing: A case study approach
    Uzun, Burak
    Tekinerdogan, Bedir
    SOFTWARE-PRACTICE & EXPERIENCE, 2019, 49 (03) : 423 - 448
  • [4] A case study in model-based testing of specifications and implementations
    Miller, Tim
    Strooper, Paul
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2012, 22 (01) : 33 - 63
  • [5] Using Feature Model to Support Model-Based Testing of Product Lines: An Industrial Case Study
    Wang, Shuai
    Ali, Shaukat
    Yue, Tao
    Liaaen, Marius
    2013 13TH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE (QSIC), 2013, : 75 - 84
  • [6] Model-based security testing: a taxonomy and systematic classification
    Felderer, Michael
    Zech, Philipp
    Breu, Ruth
    Buechler, Matthias
    Pretschner, Alexander
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2016, 26 (02) : 119 - 148
  • [7] Deriving Usage Model Variants for Model-based Testing: An Industrial Case Study
    Samih, Hamza
    Le Guen, Helene
    Bogusch, Ralf
    Acher, Mathieu
    Baudry, Benoit
    2014 19TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS 2014), 2014, : 77 - 80
  • [8] Test case prioritization techniques for model-based testing: a replicated study
    João Felipe S. Ouriques
    Emanuela G. Cartaxo
    Patrícia D. L. Machado
    Software Quality Journal, 2018, 26 : 1451 - 1482
  • [9] Model-based Automated Testing of Mobile Applications: An Industrial Case Study
    Karlsson, Stefan
    Causevic, Adnan
    Sundmark, Daniel
    Larsson, Marten
    2021 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2021), 2021, : 130 - 137
  • [10] MobSTer: A model-based security testing framework for web applications
    Peroli, Michele
    De Meo, Federico
    Vigano, Luca
    Guardini, Davide
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2018, 28 (08)
12345