
Evolution of Security Requirements Tests for Service–Centric Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6542)

Abstract

Security is an important quality aspect of open service–centric systems. However, it is challenging to keep such systems secure because they evolve steadily. Thus, security requirements testing that considers system changes is crucial to provide a certain level of reliability in a service–centric system. In this paper, we present a model–driven method for system-level security testing of service–centric systems, focusing on requirements, system and test evolution. As requirements and the system may change over time, regular adaptations to the tests of security requirements are essential to retain, or even improve, system quality. We attach state machines to all model elements of our system and test models to obtain consistent and traceable evolution of the system and its tests. We highlight the specifics of the evolution of security requirements, and show in a case study how changes to the attached tests are managed.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Felderer, M., Agreiter, B., Breu, R. (2011). Evolution of Security Requirements Tests for Service–Centric Systems. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_14


  • DOI: https://doi.org/10.1007/978-3-642-19125-1_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19124-4

  • Online ISBN: 978-3-642-19125-1

  • eBook Packages: Computer Science, Computer Science (R0)
