Verifying Implementation of Security Design Patterns Using a Test Template

Yoshizawa, Masatoshi; Kobashi, Takanori; Washizaki, Hironori; Fukazawa, Yoshiaki; Okubo, Takao; Kaiya, Haruhiko; Yoshioka, Nobukazu

doi:10.1109/ares.2014.31

Cited by 11 publications

(7 citation statements)

References 13 publications

(10 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Because the majority of reports create a unique tool, there are many tools for modeling, analysis, design, and implementation. However, few studies propose testing tools (such as model-based testing [179,209]) and operating tools (such a runtime framework [40,171,173,199]).…”

Section: Tool and Automationmentioning

confidence: 99%

Systematic Literature Review of Security Pattern Research

Washizaki¹,

Xia²,

Kamata³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

show abstract

Section: Tool and Automationmentioning

confidence: 99%

Systematic Literature Review of Security Pattern Research

Washizaki¹,

Xia²,

Kamata³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…2) Security Pattern Testing: the verification of patterns on models was studied in [26], [27], [28], [4], [29]. In these papers, pattern goals or intents or structural properties are specified with UML sequence diagrams [26] with expressions written with the Object Constraint Language (OCL) [27], [28], [4] or with LTL properties [29]. The pattern features are then checked on UML models.…”

Section: Related Workmentioning

confidence: 99%

An Advanced Approach for Choosing Security Patterns and Checking their Implementation

Salva,

Regainia

2020

Preprint

View full text Add to dashboard Cite

This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at guiding developers towards the implementation of secure applications, from the threat modelling stage up to the testing one. This approach relies on a knowledge base integrating varied security data, e.g., attacks, attack steps, and security patterns that are generic and re-usable solutions to design secure applications. The first stage of the approach consists in assisting developers in the design of Attack Defense Trees expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are given under the form of security pattern combinations. In the second stage, these trees are used to guide developers in the test case generation. After the test case execution, test verdicts show whether an application is vulnerable to the threats modelled by an ADTree. The last stage of the approach checks whether behavioural properties of security patterns hold in the application traces collected while the test case execution. These properties are formalised with LTL properties, which are generated from the knowledge base. Developers do not have to write LTL properties not to be expert in formal models. We experimented the approach on 10 Web applications to evaluate its testing effectiveness and its performance.

show abstract

“…The authors design the IoT system with class and sequence diagrams for these five patterns. Masatoshi Yoshizawa et al [18], proposed the validation method for security design patterns by creating the aspect test template and Test case template to support the developer during the implementation. Arnon Sturm et al [19] proposed method for implementing security patterns database applications which preserves the access control.…”

Section: Related Workmentioning

confidence: 99%

Identification and Remediation of Vulnerabilities in IoT based Health Monitor

Aruna*,

Reddy,

Sunitha

2019

IJITEE

View full text Add to dashboard Cite

Internet of Things (IoT) changes the trend “Connect the unconnected” likes human or environmental and technical interactions, interactions among the machines through Radio Networks, Sensor Networks and many more simple devices like fitbits, thermostats etc. Besides this, they are highly prone to vulnerable due to its open and heterogeneous nature. To secure IoT Applications, we proposed a methodology called “Process to enhance software security” (PESS) method. The main Moto of PESS is to design Security aware Software Development Life Cycle (Sa-SDLC). In PESS methodology we are applying and assessing the secure assurance activities and security patterns. In our work, we have applied secure assurance activities and secure adapter pattern for securing user information of IoT based Health Monitor Application. Our PESS methodology accomplished the security implementation faults identification and remediation at early phases of IoT application development life cycle.

show abstract

Verifying Implementation of Security Design Patterns Using a Test Template

Cited by 11 publications

References 13 publications

Systematic Literature Review of Security Pattern Research

Systematic Literature Review of Security Pattern Research

An Advanced Approach for Choosing Security Patterns and Checking their Implementation

Identification and Remediation of Vulnerabilities in IoT based Health Monitor

Contact Info

Product

Resources

About