Virtual Cyber-Security Testing Capability for Large Scale Distributed Information Infrastructure Protection

2008 IEEE Conference on Technologies for Homeland Security Pub Date : 2008-05-12 DOI:10.1109/THS.2008.4534480

Perry Pederson, David Lee, Guoqiang Shu, Dongluo Chen, Zhijun Liu, Na Li, Lifeng Sang

{"title":"Virtual Cyber-Security Testing Capability for Large Scale Distributed Information Infrastructure Protection","authors":"Perry Pederson, David Lee, Guoqiang Shu, Dongluo Chen, Zhijun Liu, Na Li, Lifeng Sang","doi":"10.1109/THS.2008.4534480","DOIUrl":null,"url":null,"abstract":"Security, reliability and interoperability are indispensable in today's distributed heterogeneous information infrastructure. For government and military applications, it is crucial to conduct effective and efficient testing of security properties for newly developed systems, which are to be integrated into existing information system. Yet little progress has been made in the technology advancement of rigorous and automated security testing. In this contribution we present virtual cyber security testing capability (VCSTC) - a DoD funded project-for developing an automated testing capability that can assess the operational functions and security impact of a target system without physically integrating it into an intended network infrastructure. VCSTC first synthesizes a model to emulate the real network infrastructure; then it automatically generates and executes test cases with guaranteed coverage of the features and security properties under test. This report presents the architecture of VCSTC, its key techniques and experimental results on real systems.","PeriodicalId":366416,"journal":{"name":"2008 IEEE Conference on Technologies for Homeland Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE Conference on Technologies for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2008.4534480","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Security, reliability and interoperability are indispensable in today's distributed heterogeneous information infrastructure. For government and military applications, it is crucial to conduct effective and efficient testing of security properties for newly developed systems, which are to be integrated into existing information system. Yet little progress has been made in the technology advancement of rigorous and automated security testing. In this contribution we present virtual cyber security testing capability (VCSTC) - a DoD funded project-for developing an automated testing capability that can assess the operational functions and security impact of a target system without physically integrating it into an intended network infrastructure. VCSTC first synthesizes a model to emulate the real network infrastructure; then it automatically generates and executes test cases with guaranteed coverage of the features and security properties under test. This report presents the architecture of VCSTC, its key techniques and experimental results on real systems.

查看原文本刊更多论文

面向大规模分布式信息基础设施防护的虚拟网络安全测试能力

在当今的分布式异构信息基础设施中，安全性、可靠性和互操作性是必不可少的。对于政府和军事应用，对新开发的系统进行有效和高效的安全性能测试至关重要，这些系统将集成到现有的信息系统中。然而，在严格和自动化安全测试的技术进步方面，几乎没有取得任何进展。在本文中，我们提出了虚拟网络安全测试能力(VCSTC)——一个国防部资助的项目——用于开发一种自动化测试能力，该测试能力可以评估目标系统的操作功能和安全影响，而无需将其物理集成到预期的网络基础设施中。VCSTC首先综合了一个模型来模拟真实的网络基础设施;然后，它自动生成并执行测试用例，并保证测试下的特性和安全属性的覆盖率。本文介绍了VCSTC的体系结构、关键技术和在实际系统上的实验结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 IEEE Conference on Technologies for Homeland Security

自引率

0.00%

发文量