A threat model‐based approach to security testing. (26th January 2012)
- Record Type:
- Journal Article
- Title:
- A threat model‐based approach to security testing. (26th January 2012)
- Main Title:
- A threat model‐based approach to security testing
- Authors:
- Marback, Aaron
Do, Hyunsook
He, Ke
Kondamarri, Samuel
Xu, Dianxiang
- Abstract:
- SUMMARY: Software security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it has been a well‐accepted practice by the industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model‐based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three activities in large: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree‐based approach is effective in exposing vulnerabilities. Copyright © 2012 John Wiley & Sons, Ltd.
- Is Part Of:
- Software, practice & experience. Volume 43:Number 2(2013)
- Journal:
- Software, practice & experience
- Issue:
- Volume 43:Number 2(2013)
- Issue Display:
- Volume 43, Issue 2 (2013)
- Year:
- 2013
- Volume:
- 43
- Issue:
- 2
- Issue Sort Value:
- 2013-0043-0002-0000
- Page Start:
- 241
- Page End:
- 258
- Publication Date:
- 2012-01-26
- Subjects:
- Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/spe.2111
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 3169.xml