2015
DOI: 10.1002/stvr.1580
|View full text |Cite
|
Sign up to set email alerts
|

Model-based security testing: a taxonomy and systematic classification

Abstract: Model-based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model-based security testing approaches. It comprises filter criteria (i.e. model of system security, security model of the environment and explicit test selection criteria) as well as evidence criteria (i.e. maturity o… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
52
0
3

Year Published

2017
2017
2020
2020

Publication Types

Select...
4
4

Relationship

2
6

Authors

Journals

citations
Cited by 79 publications
(55 citation statements)
references
References 140 publications
0
52
0
3
Order By: Relevance
“…Also, a general understanding of the return of investment of model-based security testing approaches, which has already been highlighted as a challenge in [17], would help to apply such approaches efficiently. The issue of efficiently applying model-based testing approaches becomes even more critical when agile teams develop systems where the connection between safety and security is essential as in modern Internet-of-Things applications.…”
Section: Recommendations For Researchmentioning
confidence: 99%
“…Also, a general understanding of the return of investment of model-based security testing approaches, which has already been highlighted as a challenge in [17], would help to apply such approaches efficiently. The issue of efficiently applying model-based testing approaches becomes even more critical when agile teams develop systems where the connection between safety and security is essential as in modern Internet-of-Things applications.…”
Section: Recommendations For Researchmentioning
confidence: 99%
“…However, its current version (OASIS 2014) does not support the specification of SSoD and DSoD constraints. Moreover, since the effectiveness of test criteria is strongly related to its ability to represent specific domain faults (Felderer et al 2015), there is no guarantee that similarity testing can be as effective on RBAC as they were on XACML and LTS.…”
Section: Similarity Testingmentioning
confidence: 99%
“…This concept has been investigated under MBT (Cartaxo et al 2011), access control testing (Bertolino et al 2015) and software product line (SPL) testing (Henard et al 2014) domains, but it has never been applied to RBAC. Moreover, since the fault detection effectiveness of test criteria are strongly related to its ability to represent faults of specific domains (Felderer et al 2015), similarity testing may not be necessarily effective on RBAC domain.…”
mentioning
confidence: 99%
“…, X n } is a set of variables. 5 Further, C = E, A, AP, G, T , with disjoint sets of symbols, where E is a set of exploits, A is a set of attacks AP is a set of attack patterns, G is a set of attack goals, and T is a set of types. 6 The predicates described by set F are functions over C with…”
Section: Definition 2 (Extensional Database)mentioning
confidence: 99%
“…Resulting model-based security testing (MBST) approaches [5] thus immediately benefit from MBT in various aspects, e.g., a high degree of automation, potential early detection of software bugs already at the design level, and high coverage of the SUT by the resulting high quality test cases [6]. A crucial role in MBST is occupied by various kinds of security models, i.e., threat, fault and risk models, and weakness and vulnerability models.…”
Section: Introductionmentioning
confidence: 99%