VALID 2011, The Third International Conference on Advances in System Testing and Validation Lifecycle
A Classification for Model-Based Security Testing
Authors:
Michael Felderer
Berthold Agreiter
Philipp Zech
Ruth Breu
Keywords: Secure Systems, Verification and Testing, Security Testing, Model-based Testing
Abstract:
Security testing defines tests for security requirements of software. Security requirements are non-functional, and thus require a different way of testing compared to functional requirements. Model-based testing applies model-based design for modeling test artifacts or the automation of test activities. Although model-based testing techniques improve security testing, these two testing activities have rarely been combined systematically. Just as functional system models improve functional testing, risk models can improve security testing. This paper first gives an overview of existing security testing approaches, and based on that, develops a novel classification for model-based security tests along two dimensions: risk and automated test generation. The classification allows for understanding which areas of model-based security testing are already well-covered by research and practice, and furthermore, can serve as a guideline for deciding which testing approach fits specific circumstances. Based on the classification, we identify tasks for interesting future research.
Pages: 109 to 114
Copyright: Copyright (c) IARIA, 2011
Publication date: October 23, 2011
Published in: conference
ISSN: 2308-4316
ISBN: 978-1-61208-168-7
Location: Barcelona, Spain
Dates: from October 23, 2011 to October 29, 2011