A threat model‐based approach to security testing

Citations Over TimeTop 10% of 2012 papers

Abstract

SUMMARY Software security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it has been a well‐accepted practice by the industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model‐based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three activities in large: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree‐based approach is effective in exposing vulnerabilities. Copyright © 2012 John Wiley & Sons, Ltd.

Related Papers

• → Threat-driven modeling and verification of secure software using aspect-oriented Petri nets(2006)160 cited
• → Validating Security Design Patterns Application Using Model Testing(2013)13 cited
• → Design and Implementation of Security Test Pipeline based on DevSecOps(2021)9 cited
• → Security threat identification using energy points(2017)1 cited
• Finding Security Patterns to Countermeasure Software Vulnerabilities(2008)