Title :
Security Protocol Testing Using Attack Trees
Author :
Morais, Anderson ; Martins, Eliane ; Cavalli, Ana ; Jimenez, Willy
Author_Institution :
Inst. of Comput., State Univ. of Campinas, Campinas, Brazil
Abstract :
In this paper we present an attack injection approach for security protocol testing aiming at vulnerability detection. We use attack tree model to describe known attacks and derive injection test scenarios to test the security properties of the protocol under evaluation. The test scenarios are converted to a specific fault injector script after performing some transformations. The attacker is emulated using a fault injector. This model based approach facilitates there usability and maintainability of the generated injection attacks as well as the generation of fault injectors scripts. The approach is applied to an existing mobile security protocol. We performed experiments with truncation and DoS attacks; results show good precision and efficiency in the injection method.
Keywords :
mobile computing; protocols; security of data; DoS attacks; attack tree model; fault injector script; mobile security protocol; security protocol testing; Communication system security; Computer crime; Fault detection; Performance evaluation; Power system security; Runtime; Software systems; System testing; Telecommunications; Wireless application protocol; Attack Injection; Attack Trees; Model-based Testing; Security Testing;
Conference_Titel :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.206
