Towards Model-Based Automatic Testing of Attack Scenarios

  • M. Zulkernine
  • M. F. Raihan
  • M. G. Uddin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5775)


Model-based testing techniques play a vital role in producing quality software. However, compared to the testing of functional requirements, these techniques are not prevalent that much in testing software security. This paper presents a model-based approach to automatic testing of attack scenarios. An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios. The techniques adopted in the framework are applicable in general to the systems, where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines. The attack events, i.e., attack test vectors chosen from the attacks happening in real-world are converted to the test driver specific events ready to be tested against the attack signatures. The proposed framework is implemented and evaluated using the most common attack scenarios. The framework is useful to test software with respect to potential attacks which can significantly reduce the risk of security vulnerabilities.


Generate Test Case Network Packet Attack Scenario Attack Signature Test Driver 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dalal, S., Jain, A., Karunanithi, N., Leaton, J., Lott, C., Patton, G., Horowitz, B.: Model-based testing in practice. In: Proc. of the Intl. Conf. on Software Engineering, USA, May 1999, pp. 285–294 (1999)Google Scholar
  2. 2.
    Rosaria, S., Robinson, H.: Applying models in your testing process. Information and Software technology 42(12), 815–824 (2000)CrossRefGoogle Scholar
  3. 3.
    Chandramouli, R., Blackburn, M.: Automated testing of security functions using a combined model and interface-driven approach. In: Proc. of the 37th Annual Hawaii International Conference, Hawaii, USA (January 2004)Google Scholar
  4. 4.
    Blackburn, M., Busser, R., Nauman, A., Chandramouli, R.: Model-based approach to security test automation. In: Proc. of the 14th International Software and Internet Quality Week Conference, San Francisco, USA (June 2001)Google Scholar
  5. 5.
    Chandramouli, R., Blackburn, M.: Security functional testing using an interface-driven model-based test automation approach. In: Proc. of the 18th Computer Security Applications Conference, Las Vegas, USA (December 2002)Google Scholar
  6. 6.
    Barnett, M., Grieskamp, W., Nachmanson, L., Schulte, W., Tillmann, N., Veanes, M.: Towards a tool environment for model-based testing with AsmL. In: Proc. of the 3rd International Workshop on Formal Approaches to Testing of Software, pp. 252–266. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    MIT Lincoln Laboratory. DARPA Intrusion Detection Evaluation (2006), (accessed in April 2006)
  8. 8.
    Barnett, M., Schulte, W.: The ABCs of specification: AsmL, behavior, and components. Informatic (Slovania) 25(4), 517–526 (2001)zbMATHGoogle Scholar
  9. 9.
    Raihan, M., Zulkernine, M.: AsmLSec: An extension of abstract state machine language for attack scenario specification. In: Proc. of the 2nd International Conf. on Availability, Reliability and Security, Vienna, Austria (April 2007)Google Scholar
  10. 10.
    Potter, B., McGraw, G.: Software security testing. IEEE Software Security & Privacy Magazine 2(5), 81–85 (2004)CrossRefGoogle Scholar
  11. 11.
    Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Software Security & Privacy Magazine 3(1), 84–87 (2005)CrossRefGoogle Scholar
  12. 12.
    Stytz, M., Banks, S.: Dynamic software security testing. IEEE Software Security & Privacy Magazine 4(3), 77–79 (2006)CrossRefGoogle Scholar
  13. 13.
    Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: Proc. of the 27th International Conference on Software Engineering, St. Louis, USA, May 2005, pp. 322–331 (2005)Google Scholar
  14. 14.
    Jürjens, J., Fox, J.: Tools for model-based security engineering. In: Proc. of the 28th international conference on Software engineering, Shanghai, China, May 2006, pp. 819–822 (2006)Google Scholar
  15. 15.
    Tal, O., Knight, S., Dean, T.R.: Syntax-based Vulnerabilities Testing of Frame-based Network Protocols. In: Proc. of the 2nd Annual Conference on Privacy, Security and Trust, Fredericton, Canada, October 2004, pp. 155–160 (2004)Google Scholar
  16. 16.
    Ghosh, A.K., O’Connor, T., McGraw, G.: An automated approach for identifying potential vulnerabilities in software. In: IEEE Symp. on Security and Privacy, USA, pp. 104–114 (1998)Google Scholar
  17. 17.
    Du, W., Mathur, A.: Testing for software vulnerabilities using environment perturbation. In: Intl. Conf. on Dependable Systems and Networks, New York, USA, June 2000, pp. 603–612 (2000)Google Scholar
  18. 18.
    Allen, W., Chin, D., Marin, G.: A Model-based Approach to the Security Testing of Network Protocol Implementations. In: Proc. of the 31st IEEE Conference on Local Computer Networks, November 2006, pp. 1008–1015 (2006)Google Scholar
  19. 19.
    Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., Takahama, Y.: Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection. In: Proc. of the 23rd Annual Computer Security Applications Conference, Miami, December 2007, pp. 107–117 (2007)Google Scholar
  20. 20.
    Salas, P., Krishnan, P., Ross, K.J.: Model-Based Security Vulnerability Testing. In: Proc. of Australian Software Engineering Conference, Melbourne, Australia, pp. 284–296 (2007)Google Scholar
  21. 21.
    Wimmel, G., Jürjens, J.: Specification-based Test Generation for Security-Critical Systems Using Mutations. In: George, C.W., Miao, H. (eds.) ICFEM 2002. LNCS, vol. 2495, pp. 471–482. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Jayaram, K.R.: Identifying and Testing for Insecure Paths in Cryptographic Protocol Implementations. In: Proc. of the 30th Annual International Computer Software and Applications Conference, Chicago, USA, September 2006, pp. 368–369 (2006)Google Scholar
  23. 23.
    Aaby, A.: Compiler Construction using Flex and Bison, (Accessed, April 2006)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • M. Zulkernine
    • 1
  • M. F. Raihan
    • 1
  • M. G. Uddin
    • 2
  1. 1.School of ComputingQueen’s UniversityKingstonCanada
  2. 2.Department of Electrical and Computer EngineeringQueen’s UniversityKingstonCanada

Personalised recommendations