Title :
Security test generation using threat trees
Author :
Marback, Aaron ; Do, Hyunsook ; He, Ke ; Kondamarri, Samuel ; Xu, Dianxiang
Author_Institution :
Dept. of Comput. Sci., North Dakota State Univ., Fargo, ND
Abstract :
Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, however, it is necessary to put more effort upfront during the software development life cycle. In this paper, we provided a security testing approach that derives test cases from design-level artifacts. The security testing approach we consider consists of four activities: building threat trees from threat modeling; generating security tests from threat trees; generating test inputs including valid and invalid inputs; and assigning input values to parameters. We also conducted an empirical study to show the feasibility of our approach.
Keywords :
program testing; security of data; software engineering; design-level artifacts; security test generation; security testing; software development life cycle; software security; threat trees; Application software; Automatic testing; Buildings; Computer security; Information security; Object oriented modeling; Performance evaluation; Programming; Software systems; Software testing;
Conference_Title :
Automation of Software Test, 2009. AST '09. ICSE Workshop on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3711-5
DOI :
10.1109/IWAST.2009.5069042