Abstract
In this paper, we present the idea of creating an intermediary model which is capable of being derived directly from the high-level, abstract model, but more closely resembles the actual implementation. The focus of our work is on the security properties of protocols. Not only do we show how an intermediary model can be constructed, but also how it can be used to automatically generate test sequences based on the security goals of the protocol being tested. Our aim is to show that by using this approach, we can derive test sequences suitable for a tester to use on a working implementation of the protocol.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bowen, J.P., Bogdanov, K., Clark, J., Harman, M., Hierons, R., Krause, P.: FORTEST: Formal methods and testing. In: Proc. COMPSAC 2002: 26th IEEE Annual International Computer Software and Applications Conference, Oxford, UK, pp. 91–101. IEEE Computer Society Press, Los Alamitos (2002)
Dick, J., Faivre, A.: Automating the Generation and Sequencing of Test Cases from Model-Based Specifications. In: Larsen, P.G., Woodcock, J.C.P. (eds.) FME 1993. LNCS, vol. 670, pp. 268–284. Springer, Heidelberg (1993)
Grieskamp, W., Gurevich, Y., Schulte, W., Veanes, M.: Generating finite state machines from abstract state machines. In: Proceedings of the International symposium on Software testing and analysis. ACM Press, New York (2002)
Hartman, A., Nagin, K.: The agedis tools for model based testing. In: Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, pp. 129–132. ACM Press, New York (2004)
Thompson, H.H., Whittaker, J.A., Mottay, F.E.: Software security vulnerability testing in hostile environments. In: Proceedings of the 2002 ACM symposium on Applied computing, Madrid, Spain, pp. 260–264 (2002)
Whittaker, J.A., Thompson, H.H.: How to Break Software Security. Addison Wesley, Reading (2004)
Jürjens, J., Wimmel, G.: Specification-based testing of firewalls. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds.) PSI 2001. LNCS, vol. 2244, pp. 308–316. Springer, Heidelberg (2001)
Sullivan, K., Yang, J., Coppit, D., Khurshid, S., Jackson, D.: Software assurance by bounded exhaustive testing. In: Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, pp. 133–142. ACM Press, New York (2004)
Wimmel, G., Jürjens, J.: Specification-based test generation for security-critical systems using mutations. In: George, C.W., Miao, H. (eds.) ICFEM 2002. LNCS, vol. 2495, pp. 471–482. Springer, Heidelberg (2002)
Yang, J., Kremenek, T., Xie, Y., Engler, D.: Meca: an extensible, expressive system and language for statically checking security properties. In: Proceedings of the 10th ACM conference on Computer and communication security, pp. 321–334. ACM Press, New York (2003)
IOTP: Version 1.0-RFC 2801, Informational (2000), http://www.ietf.org/rfc/rfc2801.txt
Chevalier, Y., Compagna, L., Cuellar, J., Drieslma, P.H., Mantovani, J., Mödersheim, S., Vigneron, L.: A high level protocol specification language for industrial security-sensitive protocols. Automated Software Engineering 180, 193–205 (2004)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, Reading (2002)
Basin, D., Mödersheim, S., Vigano, L.: An on-the-fly model-checker for security protocol analysis. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 253–270. Springer, Heidelberg (2003)
Corbett, J., Dwyer, M., Hatcliff, J., Pasareanu, C., Robby, Z.H.: Bandera: Extracting Finite-state Models from Java Source Code. In: Proceedings of the 22nd International Conference on Software Engineering, pp. 439–448 (2000)
Robby, D.M.B., Hatcliff, J.: BOGOR: An Extensible and Highly-Modular Software Model Checking Framework. In: Proceedings of the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering jointly held with 9th European Sofware Engineering Conference, pp. 267–276. ACM Press, New York (2003)
Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular Verification of Software Components in C. In: Proceedings of the 25th International Conference on Software engineering, pp. 385–395. IEEE Computer Society, Los Alamitos (2003)
Henzinger, T., Jhala, R., Majumdar, R., Sutre, G.: Software Verification with BLAST. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 235–239. Springer, Heidelberg (2003)
Gargantini, A., Heitmeyer, C.: Using Model Checking to Generate Tests from Requirements Specifications. In: Nierstrasz, O., Lemoine, M. (eds.) ESEC 1999 and ESEC-FSE 1999. LNCS, vol. 1687, pp. 146–162. Springer, Heidelberg (1999)
Jéron, T., Morel, P.: Test generation derived from model-checking. In: Halbwachs, N., Peled, D.A. (eds.) CAV 1999. LNCS, vol. 1633, pp. 108–121. Springer, Heidelberg (1999)
Prenninger, W., Pretschner, A.: Abstractions for Model-Based Testing. In: Pezze, M. (ed.) Proceedings Test and Analysis of Component-based Systems, TACoS 2004 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bracher, S., Krishnan, P. (2005). Enabling Security Testing from Specification to Code. In: Romijn, J., Smith, G., van de Pol, J. (eds) Integrated Formal Methods. IFM 2005. Lecture Notes in Computer Science, vol 3771. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11589976_10
Download citation
DOI: https://doi.org/10.1007/11589976_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30492-0
Online ISBN: 978-3-540-32240-5
eBook Packages: Computer ScienceComputer Science (R0)