International Journal On Advances in Security, volume 14, numbers 1 and 2, 2021


ADAM - An Adversary-Driven Attack Modelling Framework for Model-Based Security Testing

Authors:
Tina Volkersdorfer
Hans-Joachim Hof

Keywords: attack model; adversary model; model-based testing; security testing; penetration test.

Abstract:
ADAM (Adversary-Driven Attack Modelling) is a framework for model-based security testing. It is the foundation for systematic and holistic attack modelling to support consistent and comprehensible penetration tests at the model level. ADAM can be used for the automation of security testing in the early phases of software engineering (e.g., manual security reviews) as well as for providing attack information for testing activities in later phases of the development lifecycle (e.g., penetration tests). By using ADAM, it is possible to continuously and consistently address security in software development, even if no running code is available. This paper focuses on presenting the concept of ADAM, describing the necessary components and their use, and giving insight into how the ADAM framework can be used in the context of a simulation environment. ADAM captures different perspectives of an attack by simulating an adversary that executes multiple attacks to reach a given goal. Thus, ADAM supports not only the automation of model-based security tests but the whole of security testing at the model level, e.g., including test case generation. Our preliminary evaluation shows that it is possible to use ADAM in a wide range of domains and that there is potential for reuse of modelled elements.

Pages: 12 to 25

Copyright: Copyright (c) to authors, 2021. Used with permission.

Publication date: December 31, 2021

Published in: journal

ISSN: 1942-2636