Sunday, July 17, 2005

Model-based Approach to Security Test Automation

Security functional testing is a costly activity typically
performed by security evaluation laboratories. These
laboratories have struggled to keep pace with increasing
demand to test numerous product variations. This paper
summarizes the results of applying a model-based
approach to automate security functional testing. The
approach involves developing models of security function
specifications (SFS) as the basis for automatic test vector
and test driver generation. In the application, security
properties were modeled and the resulting tests were
executed against Oracle and Interbase database engines
through a fully automated process. The findings indicate
the approach, proven successful in a variety of other
application domains, provides a promising approach to
security functional testing.


Software security is a software quality issue that continues
to grow in importance as software systems manage continually
increasing amounts of critical corporate and personal
information. The use of the Internet to manage and exchange
this data has heightened the need for secure software
architectures, especially Internet-based architectures. At the
same time, shortened development and deployment cycles for
software make it difficult to conduct adequate security
functional testing to verify whether software systems exhibit
the expected security behavior.