Evolution of Security Requirements Tests for Service–Centric Systems

  • Michael Felderer
  • Berthold Agreiter
  • Ruth Breu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)


Security is an important quality aspect of open service–centric systems. However, it is challenging to keep such systems secure because of steady evolution. Thus, security requirements testing, considering system changes is crucial to provide a certain level of reliability in a service–centric system. In this paper, we present a model–driven method to system level security testing of service–centric systems focusing on the aspect of requirements, system and test evolution. As requirements and the system may change over time, regular adaptations to the tests of security requirements are essential to retain, or even improve, system quality. We attach state machines to all model elements of our system- and test model to obtain consistent and traceable evolution of the system and its tests. We highlight the specifics for the evolution of security requirements, and show by a case study how changes of the attached tests are managed.


Model Element State Machine Centric System Functional Requirement Security Requirement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bishop, M.: Computer Security: Art and Science. Addison Wesley, Reading (2003)Google Scholar
  2. 2.
    Breu, R.: Ten Principles for Living Models: A Manifesto of Change-Driven Software Engineering. In: CISIS 2010 (2010)Google Scholar
  3. 3.
    CNSS Instruction Formerly NSTISSI: National Information Assurance Glossary, Committee on National Security Systems, vol. 4009 (June 2006)Google Scholar
  4. 4.
    Common Criteria for Information Technology Security Evaluation, [accessed: August 16, 2010]
  5. 5.
    Pfleeger, S., Cunningham, R.: Why measuring security is hard. IEEE Security Privacy PP(99) (2010)Google Scholar
  6. 6.
    Leung, H., White, L.: An approach for selective state machine based regression testing. In: Proceedings of Conference on Software Maintenance (1989)Google Scholar
  7. 7.
    OMG: Object Constraint Language Version 2.0 (2006)Google Scholar
  8. 8.
    Felderer, M., Fiedler, F., Zech, P., Breu, R.: Flexible Test Code Generation for Service Oriented Systems. In: QSIC 2009 (2009)Google Scholar
  9. 9.
    Hafner, M., Breu, R.: Security Engineering for Service–Oriented Architectures. Springer, Heidelberg (2008)Google Scholar
  10. 10.
    Felderer, M., Agreiter, B., Breu, R., Armenteros, A.: Security testing by telling teststories. In: Modellierung 2010 (2010)Google Scholar
  11. 11.
    Mens, T., Demeyer, S. (eds.): Software Evolution. Springer, Heidelberg (2008)zbMATHGoogle Scholar
  12. 12.
    Moonen, L., van Deursen, A., Zaidman, A., Bruntink, M.: On the interplay between software testing and evolution and its effect on program comprehension. In: Software Evolution (2008)Google Scholar
  13. 13.
    Gorthi, R.P., Pasala, A., Chanduka, K.K., Leong, B.: Specification-based approach to select regression test suite to validate changed software (2008)Google Scholar
  14. 14.
    von Mayrhauser, A., Zhang, N.: Automated regression testing using dbt and sleuth. Journal of Software Maintenance 11(2) (1999)Google Scholar
  15. 15.
    Farooq, Q.u.a., Iqbal, M.Z.Z., Malik, Z.I., Nadeem, A.: An approach for selective state machine based regression testing. In: A-MOST 2007 (2007)Google Scholar
  16. 16.
    Briand, L.C., Labiche, Y., He, S.: Automating regression test selection based on uml designs. Inf. Softw. Technol. 51(1) (2009)Google Scholar
  17. 17.
    Julliand, J., Masson, P.A., Tissot, R.: Generating security tests in addition to functional tests. In: AST 2008 (2008)Google Scholar
  18. 18.
    Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Wimmel, G., Jürjens, J.: Specification-based test generation for security-critical systems using mutations. LNCS. Springer, Heidelberg (2002)CrossRefzbMATHGoogle Scholar
  20. 20.
    Barbir, A., Hobbs, C., Bertino, E., Hirsch, F., Martino, L.: Challenges of testing web services and security in soa implementations. In: Test and Analysis of Web Services. Springer, Heidelberg (2007)Google Scholar
  21. 21.
    Cova, M., Felmetsger, V., Vigna, G.: Vulnerability Analysis of Web–Based Applications. In: Testing and Analysis of Web Services (2007)Google Scholar
  22. 22.
    Penta, M.D., Bruno, M., Esposito, G., Mazza, V., Canfora, G.: Web services regression testing. In: Test and Analysis of Web Services (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Michael Felderer
    • 1
  • Berthold Agreiter
    • 1
  • Ruth Breu
    • 1
  1. 1.Institute of Computer ScienceUniversity of InnsbruckAustria

Personalised recommendations