Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, Epiciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

A Practical Way of Testing Security Patterns

Abstract : —We propose an approach for helping developers devise more secure applications from the threat modelling stage up to the testing one. This approach relies on a Knowledge base integrating varied security data to perform these task. It firstly assists developers in the design of Attack Defense Trees (ADTrees) expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are expressed by means of security patterns, which are generic and re-usable solutions to design secure applications. ADTrees are then used to guide developers in the generation of test cases and of LTL specifications encoding properties about security pattern behaviours. Test verdicts show whether an application is vulnerable to the attack scenarios and if the security pattern properties hold in the application traces.
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : sébastien salva Connect in order to contact the contributor
Submitted on : Wednesday, September 5, 2018 - 11:24:51 AM
Last modification on : Sunday, June 26, 2022 - 9:37:16 AM
Long-term archiving on: : Thursday, December 6, 2018 - 1:47:00 PM


Files produced by the author(s)


  • HAL Id : hal-01868218, version 1


Loukmen Regainia, Sébastien Salva. A Practical Way of Testing Security Patterns. Thirteenth International Conference on Software Engineering Advances (ICSEA'18), Oct 2018, Nice, France. ⟨hal-01868218⟩



Record views


Files downloads