Verifying implementation of security design patterns using a test template

Masatoshi Yoshizawa; Takanori Kobashi; Hironori Washizaki; Yoshiaki Fukazawa; Takao Okubo; Haruhiko Kaiya; Nobukazu Yoshioka

doi:10.1109/ARES.2014.31

Verifying implementation of security design patterns using a test template

Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

Original language	English
Title of host publication	Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	178-183
Number of pages	6
ISBN (Electronic)	9781479942237
DOIs	https://doi.org/10.1109/ARES.2014.31
Publication status	Published - 2014 Dec 9
Event	9th International Conference on Availability, Reliability and Security, ARES 2014 - Fribourg, Switzerland Duration: 2014 Sept 8 → 2014 Sept 12

Publication series

Name	Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014

Conference

Conference	9th International Conference on Availability, Reliability and Security, ARES 2014
Country/Territory	Switzerland
City	Fribourg
Period	14/9/8 → 14/9/12

Keywords

Aspect-oriented programming
Model-based testing
Security patterns
Test-driven development

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality

Access to Document

10.1109/ARES.2014.31

Cite this

Yoshizawa, M., Kobashi, T., Washizaki, H., Fukazawa, Y., Okubo, T., Kaiya, H., & Yoshioka, N. (2014). Verifying implementation of security design patterns using a test template. In Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014 (pp. 178-183). [6980280] (Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ARES.2014.31

Verifying implementation of security design patterns using a test template. / Yoshizawa, Masatoshi; Kobashi, Takanori; Washizaki, Hironori et al.

Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 178-183 6980280 (Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yoshizawa, M, Kobashi, T, Washizaki, H , Fukazawa, Y, Okubo, T, Kaiya, H & Yoshioka, N 2014, Verifying implementation of security design patterns using a test template. in Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014., 6980280, Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014, Institute of Electrical and Electronics Engineers Inc., pp. 178-183, 9th International Conference on Availability, Reliability and Security, ARES 2014, Fribourg, Switzerland, 14/9/8. https://doi.org/10.1109/ARES.2014.31

Yoshizawa M, Kobashi T, Washizaki H , Fukazawa Y, Okubo T, Kaiya H et al. Verifying implementation of security design patterns using a test template. In Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 178-183. 6980280. (Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014). doi: 10.1109/ARES.2014.31

Yoshizawa, Masatoshi ; Kobashi, Takanori ; Washizaki, Hironori et al. / Verifying implementation of security design patterns using a test template. Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 178-183 (Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014).

@inproceedings{914616d66bb54ac49ac37ce44931e225,

title = "Verifying implementation of security design patterns using a test template",

abstract = "Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.",

keywords = "Aspect-oriented programming, Model-based testing, Security patterns, Test-driven development",

author = "Masatoshi Yoshizawa and Takanori Kobashi and Hironori Washizaki and Yoshiaki Fukazawa and Takao Okubo and Haruhiko Kaiya and Nobukazu Yoshioka",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 9th International Conference on Availability, Reliability and Security, ARES 2014 ; Conference date: 08-09-2014 Through 12-09-2014",

year = "2014",

month = dec,

day = "9",

doi = "10.1109/ARES.2014.31",

language = "English",

series = "Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "178--183",

booktitle = "Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014",

}

TY - GEN

T1 - Verifying implementation of security design patterns using a test template

AU - Yoshizawa, Masatoshi

AU - Kobashi, Takanori

AU - Washizaki, Hironori

AU - Fukazawa, Yoshiaki

AU - Okubo, Takao

AU - Kaiya, Haruhiko

AU - Yoshioka, Nobukazu

PY - 2014/12/9

Y1 - 2014/12/9

N2 - Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

AB - Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

KW - Aspect-oriented programming

KW - Model-based testing

KW - Security patterns

KW - Test-driven development

UR - http://www.scopus.com/inward/record.url?scp=84920564182&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84920564182&partnerID=8YFLogxK

U2 - 10.1109/ARES.2014.31

DO - 10.1109/ARES.2014.31

M3 - Conference contribution

AN - SCOPUS:84920564182

T3 - Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014

SP - 178

EP - 183

BT - Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 9th International Conference on Availability, Reliability and Security, ARES 2014

Y2 - 8 September 2014 through 12 September 2014

ER -

Verifying implementation of security design patterns using a test template

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this