Model-Based Security Vulnerability Testing

Melbourne, Australia April 10-April 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ASWEC.2007.31

2007 Australian Software Engineering ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Percy A. Pari Salas Articles by Padmanabhan Krishnan Articles by Kelvin J. Ross

	ASCII Text	x
	Percy A. Pari Salas, Padmanabhan Krishnan, Kelvin J. Ross, "Model-Based Security Vulnerability Testing," Australian Software Engineering Conference, pp. 284-296, 2007 Australian Software Engineering Conference (ASWEC'07), 2007.

	BibTex	x
	@article{ 10.1109/ASWEC.2007.31, author = {Percy A. Pari Salas and Padmanabhan Krishnan and Kelvin J. Ross}, title = {Model-Based Security Vulnerability Testing}, journal ={Australian Software Engineering Conference}, volume = {0}, year = {2007}, issn = {1530-0803}, pages = {284-296}, doi = {http://doi.ieeecomputersociety.org/10.1109/ASWEC.2007.31}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Australian Software Engineering Conference TI - Model-Based Security Vulnerability Testing SN - 1530-0803 SP284 EP296 A1 - Percy A. Pari Salas, A1 - Padmanabhan Krishnan, A1 - Kelvin J. Ross, PY - 2007 KW - null VL - 0 JA - Australian Software Engineering Conference ER -

Percy A. Pari Salas, Bond University, Australia

Padmanabhan Krishnan, Bond University, Australia

Kelvin J. Ross, K.J. Ross & Associates Pty. Ltd., Australia

In this work we present a model-based framework for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model-based approaches which elide implementation details are by themselves inadequate for testing security vulnerabilities. We propose a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing. We define a three-model framework: a model or specification of the key aspects of the application, a model of the implementation and a model of the attacker, for automatic test case generation. This separation allows the test case generation process to test contexts missed by other model-based approaches. We also describe the key aspects of our tool that generates the tests.

Citation:

Percy A. Pari Salas, Padmanabhan Krishnan, Kelvin J. Ross, "Model-Based Security Vulnerability Testing," aswec, pp.284-296, 2007 Australian Software Engineering Conference (ASWEC'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.