• DocumentCode
    2094874
  • Title

    An Attack Scenario Based Approach for Software Security Testing at Design Stage

  • Author

    He, Ke ; Feng, Zhiyong ; Li, Xiaohong

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China
  • Volume
    1
  • fYear
    2008
  • fDate
    20-22 Dec. 2008
  • Firstpage
    782
  • Lastpage
    787
  • Abstract
    This paper presents an attack scenario based approach for software security testing at design stage. Attack scenarios are represented as extended activity diagram (EAD) and new unified threat model (NUTM). Security test cases are derived from attack scenarios automatically according to coverage criteria of complex attack path. These test cases are applied to test the security of system. According to test case results, the system can be improved by mitigations. In addition, attack pattern and security pattern are provided for developers to characterize and reuse well-studied attacks and mitigations in a quick and correct way. We illustrate our approach with an example of online banking system. The example shows that our attack scenario based approach can help developers to test the system's response to potential attacks and then improve system design to satisfy necessary security requirements at early design stage.
  • Keywords
    security of data; software engineering; attack pattern; attack scenario; extended activity diagram; new unified threat model; online banking system; security pattern; software attack; software design; software security testing; system security; Automatic testing; Banking; Computer science; Computer security; Helium; Information security; Logic; Software testing; System testing; Turing machines; attack scenario; software security testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Computational Technology, 2008. ISCSCT '08. International Symposium on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4244-3746-7
  • Type

    conf

  • DOI
    10.1109/ISCSCT.2008.116
  • Filename
    4731541