An approach for guiding developers in the choice of security solutions and in the generation of concrete test cases
This paper tackles the problems of choosing security solutions and writing concrete security test cases for software, two tasks of the software life cycle that require time, expertise and experience. We propose a method, based upon the notion of knowledge base, for helping developers devise more secure applications from the threat modelling step up to the testing step. The first stage of the approach consists of acquiring publicly available security data and integrating it into a data store. This data store is then used to assist developers in the design of attack-defense trees (ADTrees), which express the ways an attacker may compromise an application and the defenses that may be implemented. These defenses are given in the form of security pattern combinations, a security pattern being a generic and reusable solution for designing more secure applications. In the second stage, these trees are used to guide developers in test case generation. Test verdicts show whether an application is vulnerable to the threats modelled by an ADTree and whether the consequences of the chosen security patterns are observed in the application (a consequence leading to observable events that partly show that a pattern is correctly implemented). We applied this approach to web applications and evaluated it with 24 participants. The results are very encouraging with respect to two criteria: comprehensibility and effectiveness.
Keywords: Security, Security patterns, Attack-defense trees, Test case generation
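The verdict logic sketched in the abstract, as an added example that is not the paper's tool or code: a small attack-defense tree whose leaves are attack steps with test outcomes and whose defenses are security patterns described by the observable consequences a correct implementation must produce. The tree, the pattern names (Intercepting Validator, Authentication Enforcer) and the verdict values are constructed for illustration. Beyond the two results the abstract names (is the threat achievable, is each pattern observed), it also flags the case where a pattern's consequences are all observed and yet the attack it is meant to counter still succeeds.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Test verdicts keyed by leaf name. For an attack step, True means the step
# succeeded against the application under test; for a pattern consequence,
# True means the expected observable event (e.g. a 400 response, a log entry)
# was seen. Missing entries count as "not succeeded" / "not observed".
Verdicts = Dict[str, bool]


@dataclass
class Defense:
    """A security pattern attached to an attack node, described by the
    observable consequences a correct implementation must produce."""
    pattern: str
    consequences: List[str]

    def missing(self, verdicts: Verdicts) -> List[str]:
        """Consequences the test campaign did not observe."""
        return [c for c in self.consequences if not verdicts.get(c, False)]


@dataclass
class Attack:
    """Attack node: a leaf is a concrete step with its own test case; an
    inner node combines its children with OR (any child) or AND (all)."""
    name: str
    op: str = "OR"
    children: List["Attack"] = field(default_factory=list)
    defense: Optional[Defense] = None

    def achievable(self, verdicts: Verdicts) -> bool:
        # Empirical semantics: leaf outcomes come from executed tests, so an
        # attached defense never overrides what the tests actually showed.
        if not self.children:
            return verdicts.get(self.name, False)
        results = [c.achievable(verdicts) for c in self.children]
        return all(results) if self.op == "AND" else any(results)

    def walk(self):
        yield self
        for c in self.children:
            yield from c.walk()


def evaluate(root: Attack, verdicts: Verdicts) -> dict:
    """Combine test verdicts into: is the modelled threat achievable, which
    pattern consequences are missing, and which patterns are fully observed
    but still did not stop the attack they defend against."""
    missing = {}        # pattern -> consequences not observed
    insufficient = []   # patterns fully observed whose attack still succeeded
    for node in root.walk():
        if node.defense is None:
            continue
        gaps = node.defense.missing(verdicts)
        if gaps:
            missing[node.defense.pattern] = gaps
        elif node.achievable(verdicts):
            insufficient.append(node.defense.pattern)
    return {
        "vulnerable": root.achievable(verdicts),
        "missing_consequences": missing,
        "insufficient_patterns": insufficient,
    }


# Constructed example tree for a web application login (names are invented).
LOGIN_TREE = Attack("Account takeover", "OR", [
    Attack("Inject SQL through the login form",
           defense=Defense("Intercepting Validator",
                           ["malformed login input rejected with HTTP 400",
                            "rejection recorded in the application log"])),
    Attack("Guess a password online", "AND", [
        Attack("Enumerate valid usernames"),
        Attack("Spray a common password across the enumerated accounts"),
    ], defense=Defense("Authentication Enforcer",
                       ["per-account lockout after N failed attempts",
                        "failed attempts recorded in the application log"])),
])

# Constructed verdicts, as a test campaign might produce them.
SAMPLE_VERDICTS: Verdicts = {
    "Inject SQL through the login form": False,
    "malformed login input rejected with HTTP 400": True,
    "rejection recorded in the application log": False,
    "Enumerate valid usernames": True,
    "Spray a common password across the enumerated accounts": True,
    "per-account lockout after N failed attempts": True,
    "failed attempts recorded in the application log": True,
}

if __name__ == "__main__":
    print(evaluate(LOGIN_TREE, SAMPLE_VERDICTS))
```

With the sample verdicts the application is vulnerable through the password-guessing branch, the Intercepting Validator is only partly observed (no log entry), and the Authentication Enforcer is fully observed yet insufficient, since a per-account lockout does not stop guesses spread across many accounts. That last finding is exactly what the separate "consequences observed" verdict makes visible: a pattern can be correctly implemented and still be the wrong defense for the modelled attack.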