TESEM: A tool for verifying security design pattern applications by model testing

Takanori Kobashi, Masatoshi Yoshizawa, Hironori Washizaki, Yoshiaki Fukazawa, Nobukazu Yoshioka, Takano Okubo, Haruhiko Kaiya

    Research output: Conference contribution

    5 Citations (Scopus)

    Abstract

    Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement- and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

    Original language: English
    Title of host publication: 2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    ISBN (Print): 9781479971251
    DOI: https://doi.org/10.1109/ICST.2015.7102633
    Publication status: Published - 5 May 2015
    Event: 8th IEEE International Conference on Software Testing, Verification and Validation, ICST 2015 - Graz, Austria
    Duration: 13 Apr 2015 to 17 Apr 2015

    Other

    Other: 8th IEEE International Conference on Software Testing, Verification and Validation, ICST 2015
    Country: Austria
    City: Graz
    Period: 13 Apr 2015 to 17 Apr 2015

    Fingerprint

    Testing

    ASJC Scopus subject areas

    • Software

    Cite this

    Kobashi, T., Yoshizawa, M., Washizaki, H., Fukazawa, Y., Yoshioka, N., Okubo, T., & Kaiya, H. (2015). TESEM: A tool for verifying security design pattern applications by model testing. In 2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings [7102633] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICST.2015.7102633

    @inproceedings{115aa4101bcd4ba4a884d5c40b04fc6a,
    title = "TESEM: A tool for verifying security design pattern applications by model testing",
    keywords = "Component, Model Testing, Security Patterns, Test-Driven Development, UML",
    author = "Takanori Kobashi and Masatoshi Yoshizawa and Hironori Washizaki and Yoshiaki Fukazawa and Nobukazu Yoshioka and Takano Okubo and Haruhiko Kaiya",
    year = "2015",
    month = "5",
    day = "5",
    doi = "10.1109/ICST.2015.7102633",
    language = "English",
    isbn = "9781479971251",
    booktitle = "2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",

    }

    TY - GEN

    T1 - TESEM

    T2 - A tool for verifying security design pattern applications by model testing

    AU - Kobashi, Takanori

    AU - Yoshizawa, Masatoshi

    AU - Washizaki, Hironori

    AU - Fukazawa, Yoshiaki

    AU - Yoshioka, Nobukazu

    AU - Okubo, Takano

    AU - Kaiya, Haruhiko

    PY - 2015/5/5

    Y1 - 2015/5/5

    KW - Component

    KW - Model Testing

    KW - Security Patterns

    KW - Test-Driven Development

    KW - UML

    UR - http://www.scopus.com/inward/record.url?scp=84935039839&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84935039839&partnerID=8YFLogxK

    U2 - 10.1109/ICST.2015.7102633

    DO - 10.1109/ICST.2015.7102633

    M3 - Conference contribution

    AN - SCOPUS:84935039839

    SN - 9781479971251

    BT - 2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings

    PB - Institute of Electrical and Electronics Engineers Inc.

    ER -