Home // ICSEA 2018, The Thirteenth International Conference on Software Engineering Advances // View article

A Practical Way of Testing Security Patterns

Authors:
Loukmen Regainia
Sébastien Salva

Keywords: Security pattern, Security Testing, Attack Defence Tree, Test Case Generation

Abstract:
We propose an approach for helping developers devise more secure applications from the threat modelling stage up to the testing one. This approach relies on a knowledge base integrating varied security data to perform these tasks. It firstly assists developers in the design of Attack Defence Trees (ADTrees) expressing the attacker possibilities to compromise an application and the defences that may be implemented. These defences are expressed by means of security patterns, which are generic and re-usable solutions to design secure applications. ADTrees are then used to guide developers in the generation of test cases and Linear Temporal Logic (LTL) specifications. The latter encoding properties about security pattern behaviours. Test verdicts show whether an application is vulnerable to the attack scenarios and if the security pattern properties hold in the application traces.

Pages: 7 to 12

Copyright: Copyright (c) IARIA, 2018

Publication date: October 14, 2018

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-668-2

Location: Nice, France

Dates: from October 14, 2018 to October 18, 2018