Verifying implementation of security design patterns using a test template

Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    4 Citations (Scopus)

    Abstract

    Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can easily create a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

    Original language: English
    Title of host publication: Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 178-183
    Number of pages: 6
    ISBN (Print): 9781479942237
    DOI: https://doi.org/10.1109/ARES.2014.31
    Publication status: Published - 2014 Dec 9
    Event: 9th International Conference on Availability, Reliability and Security, ARES 2014 - Fribourg
    Duration: 2014 Sep 8 to 2014 Sep 12

    Other

    Other: 9th International Conference on Availability, Reliability and Security, ARES 2014
    City: Fribourg
    Period: 14/9/8 to 14/9/12

    Fingerprint

    Software engineering
    Processing

    Keywords

    • Aspect-oriented programming
    • Model-based testing
    • Security patterns
    • Test-driven development

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality

    Cite this

    Yoshizawa, M., Kobashi, T., Washizaki, H., Fukazawa, Y., Okubo, T., Kaiya, H., & Yoshioka, N. (2014). Verifying implementation of security design patterns using a test template. In Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014 (pp. 178-183). [6980280] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ARES.2014.31
