TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing

Kobashi, Takanori; Yoshizawa, Masatoshi; Washizaki, Hironori; Fukazawa, Yoshiaki; Yoshioka, Nobukazu; Okubo, Takano; Kaiya, Haruhiko

doi:10.1109/icst.2015.7102633

Cited by 8 publications

(8 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As mentioned earlier, we successfully defined UML models with OCL descriptions for various security design patterns [7]. In the future, we have a plan to prepare a guideline of describing OCL descriptions for security patterns based on our experience.…”

Section: Limitationsmentioning

confidence: 97%

“…OCL [5,6] stands for Object Constraint Language, which is a semiformal language that is used to express constraints and other expressions in UML and other modeling languages. For example, in [7], we successfully defined UML models with OCL descriptions for various security design patterns.…”

Section: Security Design Patternsmentioning

confidence: 99%

“…Using our previous method [7], we prepared OCL descriptions for each existing security design pattern as test oracles. Then we prepared decision tables and the corresponding test template according to the OCL descriptions.…”

Section: Test Template and Test Casementioning

confidence: 99%

“…We implemented our method into TESEM [7,[36][37][38][39], which is a modeling and testing tool originally dedicated only to testing design models. Under the environment of JUnit together with Selenium, the generated test cases check whether the implementation's outputs and internal states meet the expected results described in the test cases.…”

Section: Tool Implementation and Examplementioning

confidence: 99%

See 3 more Smart Citations

Implementation Support of Security Design Patterns Using Test Templates

et al. 2016

Self Cite

View full text Add to dashboard Cite

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

show abstract

Section: Limitationsmentioning

confidence: 97%

Section: Security Design Patternsmentioning

confidence: 99%

Section: Test Template and Test Casementioning

confidence: 99%

Section: Tool Implementation and Examplementioning

confidence: 99%

See 2 more Smart Citations

Implementation Support of Security Design Patterns Using Test Templates

et al. 2016

Self Cite

View full text Add to dashboard Cite

show abstract

“…Because the majority of reports create a unique tool, there are many tools for modeling, analysis, design, and implementation. However, few studies propose testing tools (such as model-based testing [179,209]) and operating tools (such a runtime framework [40,171,173,199]).…”

Section: Tool and Automationmentioning

confidence: 99%

Systematic Literature Review of Security Pattern Research

Washizaki¹,

Xia²,

Kamata³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

show abstract

An approach for guiding developers in the choice of security solutions and in the generation of concrete test cases

Salva

Regainia

2019

Software Qual J

View full text Add to dashboard Cite

This paper tackles the problems of choosing security solutions and writing concrete security test cases for software, which are two tasks of the software life cycle requiring time, expertise and experience. We propose in this paper a method, based upon the notion of knowledge base, for helping developers devise more secure applications from the threat modelling step up to the testing one. The first stage of the approach consists of the acquisition and integration of publicly available security data into a data-store. This one is used to assist developers in the design of Attack Defense Trees expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are given under the form of security pattern combinations, a security pattern being a generic and re-usable solution to design more secure applications. In the second stage, these trees are used to guide developers in the test case generation. Test verdicts show whether an application is vulnerable to the threats modelled by an ADTree and whether the consequences of the chosen security patterns are observed from the application (a consequence leading to some observable events partly showing that a pattern is correctly implemented). We applied this approach to Web applications and evaluated it on 24 participants. The results are very encouraging in terms of the two criteria Comprehensibility and Effectiveness.

show abstract

TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing

Cited by 8 publications

References 9 publications

Implementation Support of Security Design Patterns Using Test Templates

Implementation Support of Security Design Patterns Using Test Templates

Systematic Literature Review of Security Pattern Research

An approach for guiding developers in the choice of security solutions and in the generation of concrete test cases

Contact Info

Product

Resources

About