Verifying implementation of security design patterns using a test template

Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

Original languageEnglish
Title of host publicationProceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages178-183
Number of pages6
ISBN (Electronic)9781479942237
DOIs
Publication statusPublished - 2014 Dec 9
Event9th International Conference on Availability, Reliability and Security, ARES 2014 - Fribourg, Switzerland
Duration: 2014 Sep 82014 Sep 12

Publication series

NameProceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014

Conference

Conference9th International Conference on Availability, Reliability and Security, ARES 2014
CountrySwitzerland
CityFribourg
Period14/9/814/9/12

Keywords

  • Aspect-oriented programming
  • Model-based testing
  • Security patterns
  • Test-driven development

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Verifying implementation of security design patterns using a test template'. Together they form a unique fingerprint.

  • Cite this

    Yoshizawa, M., Kobashi, T., Washizaki, H., Fukazawa, Y., Okubo, T., Kaiya, H., & Yoshioka, N. (2014). Verifying implementation of security design patterns using a test template. In Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014 (pp. 178-183). [6980280] (Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ARES.2014.31