Implementation support of security design patterns using test templates

Masatoshi Yoshizawa, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Research output: Contribution to journalArticle

    4 Citations (Scopus)

    Abstract

    Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

    Original languageEnglish
    Article number34
    JournalInformation (Switzerland)
    Volume7
    Issue number2
    DOIs
    Publication statusPublished - 2016 Jun 15

    Fingerprint

    Information science
    Software engineering
    Students
    Processing
    Experiments

    Keywords

    • Aspect-oriented programming
    • Model-based testing
    • Security patterns
    • Test-driven development

    ASJC Scopus subject areas

    • Information Systems

    Cite this

    Implementation support of security design patterns using test templates. / Yoshizawa, Masatoshi; Washizaki, Hironori; Fukazawa, Yoshiaki; Okubo, Takao; Kaiya, Haruhiko; Yoshioka, Nobukazu.

    In: Information (Switzerland), Vol. 7, No. 2, 34, 15.06.2016.

    Research output: Contribution to journalArticle

    Yoshizawa, Masatoshi ; Washizaki, Hironori ; Fukazawa, Yoshiaki ; Okubo, Takao ; Kaiya, Haruhiko ; Yoshioka, Nobukazu. / Implementation support of security design patterns using test templates. In: Information (Switzerland). 2016 ; Vol. 7, No. 2.
    @article{0a67f198d94e48dcb37cd48bdbedf9ff,
    title = "Implementation support of security design patterns using test templates",
    abstract = "Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an {"}aspect test template{"} to observe the internal processing and a {"}test case template{"}. Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.",
    keywords = "Aspect-oriented programming, Model-based testing, Security patterns, Test-driven development",
    author = "Masatoshi Yoshizawa and Hironori Washizaki and Yoshiaki Fukazawa and Takao Okubo and Haruhiko Kaiya and Nobukazu Yoshioka",
    year = "2016",
    month = "6",
    day = "15",
    doi = "10.3390/info7020034",
    language = "English",
    volume = "7",
    journal = "Information (Switzerland)",
    issn = "2078-2489",
    publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",
    number = "2",

    }

    TY - JOUR

    T1 - Implementation support of security design patterns using test templates

    AU - Yoshizawa, Masatoshi

    AU - Washizaki, Hironori

    AU - Fukazawa, Yoshiaki

    AU - Okubo, Takao

    AU - Kaiya, Haruhiko

    AU - Yoshioka, Nobukazu

    PY - 2016/6/15

    Y1 - 2016/6/15

    N2 - Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

    AB - Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

    KW - Aspect-oriented programming

    KW - Model-based testing

    KW - Security patterns

    KW - Test-driven development

    UR - http://www.scopus.com/inward/record.url?scp=84976597284&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84976597284&partnerID=8YFLogxK

    U2 - 10.3390/info7020034

    DO - 10.3390/info7020034

    M3 - Article

    AN - SCOPUS:84976597284

    VL - 7

    JO - Information (Switzerland)

    JF - Information (Switzerland)

    SN - 2078-2489

    IS - 2

    M1 - 34

    ER -