An approach for guiding developers in the choice of security solutions and in the generation of concrete test cases

  • Sébastien SalvaEmail author
  • Loukmen Regainia


This paper tackles the problems of choosing security solutions and writing concrete security test cases for software, which are two tasks of the software life cycle requiring time, expertise and experience. We propose in this paper a method, based upon the notion of knowledge base, for helping developers devise more secure applications from the threat modelling step up to the testing one. The first stage of the approach consists of the acquisition and integration of publicly available security data into a data store. This one is used to assist developers in the design of attack-defense trees expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are given under the form of security pattern combinations, a security pattern being a generic and reusable solution to design more secure applications. In the second stage, these trees are used to guide developers in the test case generation. Test verdicts show whether an application is vulnerable to the threats modelled by an ADTree and whether the consequences of the chosen security patterns are observed from the application (a consequence leading to some observable events partly showing that a pattern is correctly implemented). We applied this approach to web applications and evaluated it on 24 participants. The results are very encouraging in terms of the two criteria: comprehensibility and effectiveness.


Security Security patterns Attack-defense trees Test case generation 



  1. Aleem, A.K., & Zulkernine, M. (2012). A comparative study of software security pattern classifications seventh international conference on availability. Reliability and Security, 582–589.Google Scholar
  2. Bozic, J., Simos, D.E., Wotawa, F. (2014). Attack pattern-based combinatorial testing. In Proceedings of the 9th international workshop on automation of software test. AST 2014 (pp. 1–7). New York: ACM.Google Scholar
  3. Daun, M, Hübscher, C, Weyer, T. (2017). Controlled experiments with student participants in software engineering: preliminary results from a systematic mapping study. CoRR, arXiv:1708.04662.
  4. del Pilar Salas-Zárate, M., Alor-Hernández, G., Valencia-García, R., Rodríguez-Mazahua, L., Rodríguez-González, A., Cuadrado, J.L.L. (2015). Analyzing best practices on web development frameworks: the lift approach. Science of Computer Programming, 102, 1–19.CrossRefGoogle Scholar
  5. Dong, J., Peng, T., Zhao, Y. (2010). Automated verification of security pattern compositions. Information and Software Technology, 52(3), 274–295.CrossRefGoogle Scholar
  6. El Ariss, O., & Xu, D. (2011). Modeling security attacks with statecharts. In Proceedings of the Joint ACM SIGSOFT conference – QoSA and ACM SIGSOFT symposium – ISARCS on quality of software architectures – QoSA and architecting critical systems – ISARCS. QoSA-ISARCS ’11 (pp. 123–132). New York: ACM.Google Scholar
  7. Fernandez, E.B., Washizaki, H., Yoshioka, N., Kubo, A., Fukazawa, Y. (2008). Classifying security patterns. In Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics) (Vol. 4976 LNCS, pp. 342–347).Google Scholar
  8. Hamid, B., Percebois, C., Gouteux, D. (2012). A methodology for integration of patterns with validation purpose. In Proceedings of the 17th European conference on pattern languages of programs. EuroPLoP ’12 (pp. 8:1–8:14). New York: ACM.Google Scholar
  9. Howard, M., & LeBlanc, D. (2003). Writing secure code.Google Scholar
  10. Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R. (2015). Attack trees with sequential conjunction. In IFIP International information security conference (pp. 339–353). Springer.Google Scholar
  11. Kobashi, T., Yoshizawa, M., Washizaki, H., Fukazawa, Y., Yoshioka, N., Okubo, T., Kaiya, H. (2015). TESEM: a tool for verifying security design pattern applications by model testing. In 2015 IEEE 8th International conference on software testing, verification and validation (ICST) (pp. 1–8).Google Scholar
  12. Kordy, B., Mauw, S., Radomirović, S, Schweitzer, P. (2012). Attack–defense trees. Journal of Logic and Computation p exs029.Google Scholar
  13. Kordy, B., Kordy, P., Mauw, S., Schweitzer, P. (2013). ADTool: security analysis with attack–defense trees. In International conference on quantitative evaluation of systems (pp. 173–176). Springer.Google Scholar
  14. Marback, A., Do, H., He, K., Kondamarri, S., Xu, D. (2009). Security test generation using threat trees. In 2009 ICSE Workshop on automation of software test (pp. 62–69).Google Scholar
  15. Marback, A., Do, H., He, K., Kondamarri, S., Xu, D. (2013). A threat model-based approach to security testing. Softw Pract Exper, 43(2), 241–258.CrossRefGoogle Scholar
  16. Mitre corporation. (2015). Common attack pattern enumeration and classification.
  17. Morais, A., Martins, E., Cavalli, A., Jimenez, W. (2009). Security protocol testing using attack trees. In 2009 International conference on computational science and engineering (Vol. 2, pp. 690–697).Google Scholar
  18. Offensive Security. (2017). Exploit database archive.
  19. Regaigna, L., Bouhours, C., Salva, S. (2016). A systematic approach to assist designers in security pattern integration. In Second international conference on advances and trends in software engineering (SOFTENG 2016). Lisbon.Google Scholar
  20. Regainia, L., & Salva, S. (2017). Security pattern classification, companion site.
  21. Rojas, J.M., Fraser, G., Arcuri, A. (2015). Automated unit test generation during software development: a controlled experiment and think-aloud observations. In Proceedings of the 2015 international symposium on software testing and analysis. ISSTA 2015 (pp. 338–349). New York: ACM.Google Scholar
  22. Salva, S., & Regainia, L. (2017a). Using data integration for security testing. In Testing software and systems - 29th IFIP WG 6.1 international conference, ICTSS 2017, St. Petersburg, Russia, October 9-11, 2017, Proceedings (pp. 178–194).Google Scholar
  23. Salva, S., & Regainia, L. (2017b). Using data integration to help design more secure applications. In Proceedings of the 12th international conference on risks and security of internet and systems. Dinard: Springer.Google Scholar
  24. Schieferdecker, I., Grossmann, J., Schneider, M.A. (2012). Model-based security testing. In Proceedings 7th workshop on model-based testing, MBT 2012, Tallinn, Estonia, 25 March 2012 (pp. 1–12).Google Scholar
  25. Schumacher, M. (2003). Security engineering with patterns: origins, theoretical models, and new applications. Secaucus: Springer-Verlag New York, Inc.CrossRefGoogle Scholar
  26. Shahmehri, N., Mammar, A., Montes De Oca, E., Byers, D., Cavalli, A., Ardi, S., Jimenez, W. (2012). An advanced approach for modeling and detecting software vulnerabilities. Information and Software Technology, 54(9), 997–1013.CrossRefGoogle Scholar
  27. Slavin, R., & Niu, J. (2017). Security patterns repository.
  28. Torr, P. (2005). Demystifying the threat modeling process. IEEE Security Privacy, 3(5), 66–70.CrossRefGoogle Scholar
  29. Xu, D., Tu, M., Sanford, M., Thomas, L., Woodraska, D., Xu, W. (2012). Automated security test generation with formal threat models. IEEE Transactions on Dependable and Secure Computing, 9(4), 526–540.CrossRefGoogle Scholar
  30. Yoder, J., Yoder, J., Barcalow, J., Barcalow, J. (1998). Architectural patterns for enabling application security. Proceedings of PLoP, 1997(51), 31.Google Scholar
  31. Yoshizawa, M., Kobashi, T., Washizaki, H., Fukazawa, Y., Okubo, T., Kaiya, H., Yoshioka, N. (2014). Verifying implementation of security design patterns using a test template. In 2014 Ninth international conference on availability, reliability and security (pp. 178–183).Google Scholar
  32. Yskout, K., Heyman, T., Scandariato, R., Joosen, W. (2006). A system of security patterns.Google Scholar
  33. Yskout, K., Scandariato, R., Joosen, W. (2015). Do security patterns really help designers?. In Proceedings of the 37th international conference on software engineering. ICSE ’15, (Vol. 1 pp. 292–302). Piscataway: IEEE Press.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.IUT of Clermont-FerrandUniversity Clermont AuvergneLimosFrance
  2. 2.University Clermont AuvergneLimosFrance

Personalised recommendations