
Enabling Security Testing from Specification to Code

  • Conference paper
Integrated Formal Methods (IFM 2005)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3771)
Abstract

In this paper we present the idea of an intermediary model that can be derived directly from the high-level abstract model but more closely resembles the actual implementation. The focus of our work is on the security properties of protocols. We show both how such an intermediary model can be constructed and how it can be used to automatically generate test sequences based on the security goals of the protocol being tested. Our aim is to show that this approach yields test sequences a tester can apply to a working implementation of the protocol.
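The following is an added illustration of the specification-to-code pipeline the abstract describes, not code from the paper or its authors: an abstract transition model of a toy challenge-response login, test-sequence selection driven by the security goal (every point at which the model grants or denies access), an intermediary layer that refines each abstract input into a concrete message using live protocol context (the current nonce, the last response sent), and execution of the generated sequences against a reference server and a flawed one. The protocol, message formats, key, server code and the exact goal encoding are all constructed for this example; the paper's own models and protocol (IOTP) are not used.

```python
"""Model-based security test generation, constructed example (not the paper's
method or code). Abstract model -> goal-driven test selection -> intermediary
refinement to concrete messages -> execution against an implementation."""
import hashlib
import hmac
import os
from itertools import product

KEY = b"constructed-demo-key"   # pre-shared key; constructed for this example
INPUTS = ("hello", "respond", "tamper", "replay")

# Abstract model: (state, input) -> next state. Pairs not listed are ignored
# by a correct server (state unchanged). A challenge is single-use: any
# response to it, right or wrong, consumes it.
ABSTRACT = {
    ("idle", "hello"): "challenged",
    ("challenged", "hello"): "challenged",   # re-challenge replaces the nonce
    ("challenged", "respond"): "granted",
    ("challenged", "tamper"): "denied",
    ("challenged", "replay"): "denied",
    ("granted", "hello"): "challenged",
    ("denied", "hello"): "challenged",
}

def expected_trace(seq):
    """Per-step outcome the abstract model prescribes ("ignored" if no rule)."""
    state, out = "idle", []
    for inp in seq:
        nxt = ABSTRACT.get((state, inp))
        out.append(nxt or "ignored")
        state = nxt or state
    return out

def generate_tests(max_len=4):
    """Goal-driven selection: keep every sequence on which the model makes an
    authentication decision, so each test exercises the goal 'access is granted
    only for a fresh, correct response to the current challenge'."""
    return [seq for n in range(1, max_len + 1) for seq in product(INPUTS, repeat=n)
            if {"granted", "denied"} & set(expected_trace(seq))]

class Intermediary:
    """Refines abstract inputs to wire messages. It carries the context the
    abstract model leaves implicit: the live nonce and the last response sent
    (needed to build a replay). Message formats are constructed, not standard."""
    def __init__(self, key):
        self.key, self.nonce, self.last_resp = key, b"", None

    def _mac(self):
        return hmac.new(self.key, self.nonce, hashlib.sha256).hexdigest()

    def concretize(self, inp):
        if inp == "hello":
            return b"HELLO"
        if inp == "respond":
            self.last_resp = b"RESP " + self._mac().encode()
            return self.last_resp
        if inp == "tamper":                          # corrupt one hex digit
            mac = self._mac()
            return b"RESP " + (("0" if mac[0] != "0" else "1") + mac[1:]).encode()
        return self.last_resp or b"RESP " + b"0" * 64     # replay (or nothing to replay)

    def observe(self, reply):
        """Abstract the server's reply back to a model outcome, tracking the nonce."""
        if reply.startswith(b"NONCE "):
            self.nonce = reply[6:]
        return {b"NONCE": "challenged", b"GRANTED": "granted",
                b"DENIED": "denied"}.get(reply.split()[0], "ignored")

class Server:
    """System under test. single_use=True is the reference behaviour; False
    models a flaw where challenges are never consumed, so replays are accepted."""
    def __init__(self, key, single_use=True):
        self.key, self.single_use, self.valid = key, single_use, set()

    def handle(self, msg):
        if msg == b"HELLO":
            if self.single_use:
                self.valid.clear()
            nonce = os.urandom(8).hex().encode()
            self.valid.add(nonce)
            return b"NONCE " + nonce
        if msg.startswith(b"RESP ") and self.valid:
            tag = msg[5:].decode()
            ok = any(hmac.compare_digest(hmac.new(self.key, n, hashlib.sha256).hexdigest(), tag)
                     for n in self.valid)
            if self.single_use:
                self.valid.clear()
            return b"GRANTED" if ok else b"DENIED"
        return b"IGNORED"

def run_test(make_server, seq):
    """Drive one generated sequence; return (observed, expected) outcome lists."""
    srv, im = make_server(), Intermediary(KEY)
    observed = [im.observe(srv.handle(im.concretize(inp))) for inp in seq]
    return observed, expected_trace(seq)

def failing_sequences(make_server, tests):
    """Sequences whose observed outcomes deviate from what the model prescribes."""
    return [seq for seq in tests if run_test(make_server, seq)[0] != expected_trace(seq)]

if __name__ == "__main__":
    tests = generate_tests()
    print(len(tests), "goal-relevant test sequences")
    print("reference server failures:", failing_sequences(lambda: Server(KEY), tests))
    print("flawed server failures:", failing_sequences(lambda: Server(KEY, False), tests)[:5])
```

The point the split makes visible is that the abstract model never mentions nonces or MACs; only the intermediary knows that "replay" means resending the exact bytes of an earlier valid response, which is what lets a sequence like hello, respond, hello, replay be executed against real code. Against the reference server every generated sequence matches the model; against the server that never consumes its challenges, the replay sequence and a repeated respond after a grant both surface as deviations.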




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bracher, S., Krishnan, P. (2005). Enabling Security Testing from Specification to Code. In: Romijn, J., Smith, G., van de Pol, J. (eds) Integrated Formal Methods. IFM 2005. Lecture Notes in Computer Science, vol 3771. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11589976_10


  • DOI: https://doi.org/10.1007/11589976_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30492-0

  • Online ISBN: 978-3-540-32240-5

  • eBook Packages: Computer Science, Computer Science (R0)
