 |
Conference papers
A Practical Way of Testing Security Patterns
Abstract : —We propose an approach for helping developers devise more secure applications from the threat modelling stage up to the testing one. This approach relies on a Knowledge base integrating varied security data to perform these task. It firstly assists developers in the design of Attack Defense Trees (ADTrees) expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are expressed by means of security patterns, which are generic and re-usable solutions to design secure applications. ADTrees are then used to guide developers in the generation of test cases and of LTL specifications encoding properties about security pattern behaviours. Test verdicts show whether an application is vulnerable to the attack scenarios and if the security pattern properties hold in the application traces.
Cited literature [10 references]
https://hal.archives-ouvertes.fr/hal-01868218
Contributor : Sébastien Salva <>
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Monday, January 20, 2020 - 12:12:06 PM
Document(s) archivé(s) le : Thursday, December 6, 2018 - 1:47:00 PM
Contributor : Sébastien Salva <>
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Monday, January 20, 2020 - 12:12:06 PM
Document(s) archivé(s) le : Thursday, December 6, 2018 - 1:47:00 PM
File
secupatterntesting.pdf
Files produced by the author(s)
