TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing

2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST) Pub Date : 2015-04-13 DOI:10.1109/ICST.2015.7102633

Takanori Kobashi, Masatoshi Yoshizawa, H. Washizaki, Y. Fukazawa, Nobukazu Yoshioka, T. Okubo, H. Kaiya

{"title":"TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing","authors":"Takanori Kobashi, Masatoshi Yoshizawa, H. Washizaki, Y. Fukazawa, Nobukazu Yoshioka, T. Okubo, H. Kaiya","doi":"10.1109/ICST.2015.7102633","DOIUrl":null,"url":null,"abstract":"Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.","PeriodicalId":401414,"journal":{"name":"2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICST.2015.7102633","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

查看原文本刊更多论文

通过模型测试验证安全设计模式应用程序的工具

因为软件开发人员不一定是安全专家，在开发过程的早期阶段(例如，需求或设计阶段)识别潜在的威胁和漏洞是不够的。即使在早期阶段解决了这些问题，也不能保证最终的软件产品实际上满足安全需求。为了实现安全设计，我们提出了扩展的安全模式，其中包括需求级和设计级模式以及一个新的模型测试过程。我们的方法是在一个名为TESEM(测试驱动安全建模工具)的工具中实现的，它通过创建一个脚本来自动执行模型测试，从而支持模式应用程序。在早期开发阶段，开发人员指定目标系统中的威胁和漏洞，然后TESEM验证是否正确应用了安全模式，并评估这些漏洞是否得到解决。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)

自引率

0.00%

发文量