Sciweavers

ICSE
2009
IEEE-ACM

Security Test Generation Using Threat Trees

13 years 10 months ago
Security Test Generation Using Threat Trees
Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, however, it is necessary to put more effort upfront during the software development life cycle. In this paper, we provided a security testing approach that derives test cases from design-level artifacts. The security testing approach we consider consists of four activities: building threat trees from threat modeling; generating security tests from threat trees; generating test inputs including valid and invalid inputs; and assigning input values to parameters. We also conducted an empirical study to show feasibility of our approach.
Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamar
Added 19 Feb 2011
Updated 19 Feb 2011
Type Journal
Year 2009
Where ICSE
Authors Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu
Comments (0)