Threat-driven modeling and verification of secure software using aspect-oriented Petri nets

Xu, Dianxiang; Nygard, Kendall E.

doi:10.1109/tse.2006.40

Cited by 131 publications

(104 citation statements)

References 24 publications

Supporting

Mentioning

104

Contrasting

Order By: Relevance

“…It generates tests in model level first and then program level tests are produced through transforming the one at model level. It specifies models in function nets, which is a type of PrT nets extended with inhibitor arcs and reset arcs [18]. It also provides a language for mapping the elements in function nets to implementation constructs so that it is possible to transform the model level tests into program level tests that can be executed against the system under test.…”

Section: Model-based Testing and Mistamentioning

confidence: 99%

Modeling and Analyzing Publish Subscribe Architcture using Petri Nets

Ding

Zhang²

2015

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

-Software architecture is the foundation for the development of software systems. Its correctness is important to the quality of the software systems that have been developed based on it. Formally modeling and analyzing software architecture is an effective way to ensure the correctness of software architecture. However, how to effectively verify software architecture and use the results from formal modeling and analysis is important to the application of the approach. In this paper, software architecture is modelled using high level Petri nets, and the model is then checked with a model based testing tool called MISTA, and bounded model checking tool Alloy to ensure the correctness of the model. The approach is designed as a two-phase process consisting of model-based testing and bounded model checking to ensure it is both practical and rigorous for analyzing software architecture. We illustrated the idea and procedure via modeling and analyzing the PublishSubscribe architecture. The result has shown that combining bounded model checking with model based testing is an effective extension to ensure the development quality.

show abstract

Section: Model-based Testing and Mistamentioning

confidence: 99%

Modeling and Analyzing Publish Subscribe Architcture using Petri Nets

Ding

Zhang²

2015

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

show abstract

“…The algorithm then analyzes the nodes in the set of test sequences until every node that matches CurrentNode in every sequence is replaced with a leaf node by using the following replacement method. (1) If CurrentNode is in a test sequence that has children with an AND relationship, replace CurrentNode with these children in that sequence in the left-to-right order in which they appear in the tree (lines [12][13][14][15][16][17][18][19][20][21][22]. (2) If CurrentNode is in a test sequence that has children with an OR relationship, we create the same number of sequences as children of the CurrentNode and replace CurrentNode in each of these sequences with one of the children of the OR relationship.…”

Section: Test Sequence Generation Algorithmmentioning

confidence: 99%

“…To date, researchers have developed various security testing techniques. These include techniques that generate test cases or identify vulnerabilities focusing on specific attacks, such as SQL injection or cross-site scripting (XSS) [4][5][6][7]; generate test cases using model-based approaches, such as threat modeling or use case modeling [8][9][10][11][12]; and generate test cases from control policy specifications [13,14] (Section 2 provides details).…”

Section: Introductionmentioning

confidence: 99%

A threat model‐based approach to security testing

Marback

et al. 2012

Softw Pract Exp

View full text Add to dashboard Cite

SUMMARYSoftware security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it has been a well-accepted practice by the industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model-based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three activities in large: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree-based approach is effective in exposing vulnerabilities.

show abstract

“…Several notations have been proposed for threat modeling, such as threat trees (a variation of fault trees for safety analysis) [19], threat nets (based on Petri nets) [15,24], misuse cases (based on use case modeling) [4,18]. Obviously, threat models can be used to generate security tests for exercising whether the implementation is resistant from the identified security threats.…”

Section: Background and Related Workmentioning

confidence: 99%