17-01-2013, 11:56 AM
Automated Test Generation
1Automated Test.docx (Size: 14.67 KB / Downloads: 35)
Security attacks:
Security attacks typically result from unintended behaviors or invalid inputs. Security testing is labor intensive because a real-world program usually has too many invalid inputs. It is highly desirable to automate or partially automate security-testing process. The attacks are made by the vulnerable users to disturb the normal flow of the network. The attackers are commonly made some attacks to collapse the network like spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege.
Security testing:
Security testing needs to target the “presence of an intelligent adversary bent on breaking the system. Threat modeling can provide a basis for effective security testing because threat models describe security threats from the standpoint of how the adversary would attack or exploit a system. Although threat modeling has become a viable practice for secure software development, security testing with implicit and informal threat models has very limited ability to automatically generate security tests.
Threat Net:
In a threat net, transitions represent events or actions involved in the attacks, whereas places represent conditions or states. Traditionally, threat modeling involves functional modeling, threat identification and specification, risk evaluation of threats, and threat mitigation. As our focus is on threat models for security testing, we build threat models as follows: First, we identify system functions (including assets such as data) and security goals (e.g., confidentiality, integrity, and availability). Second, for each function, we identify how it can be misused or abused to threaten its security goals. Third, we create threat nets to represent the threats. In our approach, a threat net describes interrelated security threats in terms of system functions and threat types.
Automated Test Generation:
This section discusses automated generation of attack paths from a threat net. Attack paths can be generated from the threat net even if the MIM description is not provided. Our approach can generate all attack paths from a given threat net. To do so, we first generate the reachability graph of the threat net. The reachability graph represents all states (markings) and state transitions reachable from the initial marking. The root node of the reachability graph represents the initial marking. The attacker nodes are identified by the root node by behavioral variation of the child or intermediate nodes.