Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICSE
2009
IEEE-ACM
2009
IEEE-ACM
Security Test Generation Using Threat Trees
Software security issues have been a major concern to the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Most of these techniques, however, have focused on testing software systems after their implementation is completed. To build secure and dependable software systems in a cost-effective way, however, it is necessary to put more effort upfront during the software development life cycle. In this paper, we provided a security testing approach that derives test cases from design-level artifacts. The security testing approach we consider consists of four activities: building threat trees from threat modeling; generating security tests from threat trees; generating test inputs including valid and invalid inputs; and assigning input values to parameters. We also conducted an empirical study to show feasibility of our approach.
Real-time Traffic| Added | 19 Feb 2011 |
| Updated | 19 Feb 2011 |
| Type | Journal |
| Year | 2009 |
| Where | ICSE |
| Authors | Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu |
Comments (0)
Researcher Info
|
