An attack scenario based approach for software security testing at design stage

Proceedings - International Symposium on Computer Science and Computational Technology, ISCSCT 2008

Volumn 1, Issue , 2008, Pages 782-787

  He, Ke ^a   Feng, Zhiyong ^a   Li, Xiaohong ^a  

^a TIANJIN UNIVERSITY   (China)

Author keywords

Attack scenario; Software security testing

Indexed keywords

ACTIVITY DIAGRAMS; ATTACK PATHS; ATTACK PATTERNS; ATTACK SCENARIO; COVERAGE CRITERION; DESIGN STAGES; EARLY DESIGN STAGES; ON-LINE BANKINGS; POTENTIAL ATTACKS; SECURITY PATTERNS; SECURITY REQUIREMENTS; SOFTWARE SECURITY TESTING; SYSTEM DESIGNS; TEST CASE;

COMPUTERS; DESIGN; SYSTEMS ANALYSIS; TESTING;

SOFTWARE TESTING;

EID: 62349084005     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISCSCT.2008.116     Document Type: Conference Paper

References (9)

1. nd edition, Microsoft Press, 2003.
2. A. P. Moore, R. J. Ellison, and R. C. Linger. "Attack modeling for information security and survivability", Technical Report, CMU/SEI-2001-TN-001, 2001.
3. N. Yoshioka, H. Washizaki, and K. Maruyama, "A survey on security patterns", Progress in Informatics, no. 5, pp. 35-47, 2008.
4. A. Aurum, H. Petersson, and C. Wohlin, "State-of-the-Art: Software Inspections after 25 Years", Software Testing, Verification and Reliability, 12(3):133-154, 2002.
5. J. Ryser and M. Glinz. "A Scenario-Based Approach to Validating and Testing Software Systems Using Statecharts". In Proceeding of 12th International Conference on Software and Systems Engineering and their Applications, 1999.
6. W. T. Tsai, A. Saimi, L. Yu, and R. Paul, "Scenario-based objectoriented testing framework," in Proceedings of Third International Conference on Quality Software, 2003, pp. 410-417.
7. A. A. Thomas, J. R. Debra, and A. S. Thomas, "Scenarios, state machines and purpose-driven testing," in Proceedings of the fourth international workshop on Scenarios and state machines: models, algorithms and tools, St. Louis, 2005.
8. H. Mouratidis and P. Giorgini, "Security Attack Testing (SAT)-testing the security of information systems at design time," Information Systems, vol. 32, pp. 1166-1183, 2007.
9. X. Li and K. He, "A Unified Threat Model for Assessing Threat in Web Applications", in Proceeding of the 2nd International Conference on Information Security and Assurance, Korea, 2008, pp. 142-145.