Home // SECURWARE 2020, The Fourteenth International Conference on Emerging Security Information, Systems and Technologies // View article

A Concept of an Attack Model for a Model-Based Security Testing Framework

Authors:
Tina Volkersdorfer
Hans-Joachim Hof

Keywords: model; adversary model; model-based testing; security testing; penetration test.

Abstract:
In this paper, we present a framework for model-based security testing. The primary advantage of our framework will be the automation of manual security reviews as well as automation of security tests like penetration testing. The framework can be used to decide on single steps for the test procedure. This paper focuses on the concept of the framework, de-scribing the necessary components and their use. Our framework can simulate the behaviour of an adversary that executes multiple attacks to reach his primary goal. Using our approach, it is possible to continuously and consistently address security in software development, even in the early phases of software engineering when no running code is available. Due to the consistency, some of the necessary tests can be executed with less effort. This makes security tests more efficient. Our preliminary evaluation shows that it is possible to use our attack model in a wide range of domains and that there is potential reuse of modelled elements.

Pages: 96 to 101

Copyright: Copyright (c) IARIA, 2020

Publication date: November 21, 2020

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-821-1

Location: Valencia, Spain

Dates: from November 21, 2020 to November 25, 2020