Abstract
Existing security testing techniques often fail to reveal critical security threats, partly because testers focus on testing known and expected behaviours, and consequently, ignore testing for unspecified behaviours that are frequently targeted by attackers. The novel contribution of this paper is an exploratory example of the use of Implied Scenarios detection to the problem of security testing. Implied scenarios arise when the desired global behaviour is implemented component-wise. These scenarios can have security consequences on the system, and thus provide useful feedback for the security posture of the system. We introduce the application of Implied Scenario detection for security testing to reveal unexpected interactions between system components. We motivate its need by drawing on the limitations of existing work on testing for security. We adapt a model-driven approach to guide the testing process. We use an example to illustrate the feasibility and the applicability of the suggestion, and for evaluating its potential benefits. © 2010 ACM.
Author supplied keywords
Cite
CITATION STYLE
Al-Azzani, S., & Bahsoon, R. (2010). Using implied scenarios in security testing. In Proceedings - International Conference on Software Engineering (pp. 15–21). https://doi.org/10.1145/1809100.1809103
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
