Affiliation:
1. University of Luxembourg, Luxembourg
Abstract
The quality of software systems strongly depends on their architecture. For this reason, taking security requirements into account at the architecture level is crucial for the success of secure software development. Today, systems are permanently evolving due to customer needs, technology evolution or maintenance constraints. Thus, a resilient secure system is expected to evolve towards greater satisfaction of its security requirements (Guelfi 2011). In particular, such an evolution process should identify and eliminate faults and vulnerabilities during the development process or at runtime. This study focuses on the design phases and aims to propose a resilient software engineering process guaranteeing the development of secure systems that satisfy their critical requirements. During the development process, the system is expected to evolve until it reaches satisfactory compliance with its requirements. The satisfaction computation is based on the quantification of failures and degradations. In this paper, the authors propose a novel architecture model-based security testing approach for identifying faults and vulnerabilities. The originality of the proposal resides in the use of the architecture model for security testing and in coupling security requirements with a threat model to generate both security functional test cases and malicious test cases. The assessment of the security requirements' satisfaction and of the overall system resilience is based on the analysis of test traces. Throughout this study, a client-server system is used as a running example to illustrate the approach.