• DocumentCode
    2128641
  • Title

    Validating Security Design Patterns Application Using Model Testing

  • Author

    Kobashi, Takanori ; Yoshioka, Nobukazu ; Okubo, Takanori ; Kaiya, Haruhiko ; Washizaki, Hironori ; Fukazawa, Yoshiaki

  • Author_Institution
    Comput. Sci. & Eng. Dept., Waseda Univ., Tokyo, Japan
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    62
  • Lastpage
    71
  • Abstract
    Software developers are not necessarily security specialists; security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to apply a security pattern inappropriately, or for a properly applied pattern not to mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns, as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
  • Keywords
    program testing; security of data; software engineering; model testing; security design patterns application; security knowledge; security patterns; security specialists; software developers; testing process; Context; Educational institutions; Security; Software; Systematics; Testing; Unified modeling language; Model Testing; Security Patterns; Test-Driven Development; UML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type

    conf

  • DOI
    10.1109/ARES.2013.13
  • Filename
    6657227