 |
Free and accessible knowledge |
Conference papers
A Practical Way of Testing Security Patterns
Abstract : —We propose an approach for helping developers devise more secure applications from the threat modelling stage up to the testing one. This approach relies on a Knowledge base integrating varied security data to perform these task. It firstly assists developers in the design of Attack Defense Trees (ADTrees) expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are expressed by means of security patterns, which are generic and re-usable solutions to design secure applications. ADTrees are then used to guide developers in the generation of test cases and of LTL specifications encoding properties about security pattern behaviours. Test verdicts show whether an application is vulnerable to the attack scenarios and if the security pattern properties hold in the application traces.
Cited literature [10 references]
https://hal.archives-ouvertes.fr/hal-01868218
Contributor : sébastien salva Connect in order to contact the contributor
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Sunday, June 26, 2022 - 9:37:16 AM
Long-term archiving on: : Thursday, December 6, 2018 - 1:47:00 PM
Contributor : sébastien salva Connect in order to contact the contributor
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Sunday, June 26, 2022 - 9:37:16 AM
Long-term archiving on: : Thursday, December 6, 2018 - 1:47:00 PM
File
secupatterntesting.pdf
Files produced by the author(s)