Abstract
Security is an important quality aspect of open service–centric systems. However, it is challenging to keep such systems secure because of steady evolution. Thus, security requirements testing, considering system changes is crucial to provide a certain level of reliability in a service–centric system. In this paper, we present a model–driven method to system level security testing of service–centric systems focusing on the aspect of requirements, system and test evolution. As requirements and the system may change over time, regular adaptations to the tests of security requirements are essential to retain, or even improve, system quality. We attach state machines to all model elements of our system- and test model to obtain consistent and traceable evolution of the system and its tests. We highlight the specifics for the evolution of security requirements, and show by a case study how changes of the attached tests are managed.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bishop, M.: Computer Security: Art and Science. Addison Wesley, Reading (2003)
Breu, R.: Ten Principles for Living Models: A Manifesto of Change-Driven Software Engineering. In: CISIS 2010 (2010)
CNSS Instruction Formerly NSTISSI: National Information Assurance Glossary, Committee on National Security Systems, vol. 4009 (June 2006)
Common Criteria for Information Technology Security Evaluation, http://www.commoncriteriaportal.org/thecc.html [accessed: August 16, 2010]
Pfleeger, S., Cunningham, R.: Why measuring security is hard. IEEE Security Privacy PP(99) (2010)
Leung, H., White, L.: An approach for selective state machine based regression testing. In: Proceedings of Conference on Software Maintenance (1989)
OMG: Object Constraint Language Version 2.0 (2006)
Felderer, M., Fiedler, F., Zech, P., Breu, R.: Flexible Test Code Generation for Service Oriented Systems. In: QSIC 2009 (2009)
Hafner, M., Breu, R.: Security Engineering for Service–Oriented Architectures. Springer, Heidelberg (2008)
Felderer, M., Agreiter, B., Breu, R., Armenteros, A.: Security testing by telling teststories. In: Modellierung 2010 (2010)
Mens, T., Demeyer, S. (eds.): Software Evolution. Springer, Heidelberg (2008)
Moonen, L., van Deursen, A., Zaidman, A., Bruntink, M.: On the interplay between software testing and evolution and its effect on program comprehension. In: Software Evolution (2008)
Gorthi, R.P., Pasala, A., Chanduka, K.K., Leong, B.: Specification-based approach to select regression test suite to validate changed software (2008)
von Mayrhauser, A., Zhang, N.: Automated regression testing using dbt and sleuth. Journal of Software Maintenance 11(2) (1999)
Farooq, Q.u.a., Iqbal, M.Z.Z., Malik, Z.I., Nadeem, A.: An approach for selective state machine based regression testing. In: A-MOST 2007 (2007)
Briand, L.C., Labiche, Y., He, S.: Automating regression test selection based on uml designs. Inf. Softw. Technol. 51(1) (2009)
Julliand, J., Masson, P.A., Tissot, R.: Generating security tests in addition to functional tests. In: AST 2008 (2008)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Wimmel, G., Jürjens, J.: Specification-based test generation for security-critical systems using mutations. LNCS. Springer, Heidelberg (2002)
Barbir, A., Hobbs, C., Bertino, E., Hirsch, F., Martino, L.: Challenges of testing web services and security in soa implementations. In: Test and Analysis of Web Services. Springer, Heidelberg (2007)
Cova, M., Felmetsger, V., Vigna, G.: Vulnerability Analysis of Web–Based Applications. In: Testing and Analysis of Web Services (2007)
Penta, M.D., Bruno, M., Esposito, G., Mazza, V., Canfora, G.: Web services regression testing. In: Test and Analysis of Web Services (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Felderer, M., Agreiter, B., Breu, R. (2011). Evolution of Security Requirements Tests for Service–Centric Systems. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-19125-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19124-4
Online ISBN: 978-3-642-19125-1
eBook Packages: Computer ScienceComputer Science (R0)