Abstract : —We propose an approach for helping developers devise more secure applications from the threat modelling stage up to the testing one. This approach relies on a Knowledge base integrating varied security data to perform these task. It firstly assists developers in the design of Attack Defense Trees (ADTrees) expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are expressed by means of security patterns, which are generic and re-usable solutions to design secure applications. ADTrees are then used to guide developers in the generation of test cases and of LTL specifications encoding properties about security pattern behaviours. Test verdicts show whether an application is vulnerable to the attack scenarios and if the security pattern properties hold in the application traces.
https://hal.archives-ouvertes.fr/hal-01868218
Contributor : Sébastien Salva
<>
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Tuesday, September 18, 2018 - 1:13:49 AM
Long-term archiving on : Thursday, December 6, 2018 - 1:47:00 PM
Loukmen Regainia, Sébastien Salva. A Practical Way of Testing Security Patterns. Thirteenth International Conference on Software Engineering Advances (ICSEA'18), Oct 2018, Nice, France. ⟨hal-01868218⟩
