Model-based Security Testing Using UMLsec A Case Study

AbstractDesigning and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard

Model-Based Testing of Cryptographic Protocols

Abstract. Modeling is a popular way of representing the behavior of a system. A very useful type of model in computing is an abstract state machine which describes transitions over first order structures. The general purpose model-based testing tool SpecExplorer (used within Microsoft, also available externally) uses such a model, written in AsmL or Spec#, to perform a search that checks that all reachable states of the model are safe, and also to check conformance of an arbitrary.NET implementation to the model. Spec Explorer provides a variety of ways to cut down the state space of the model, for instance by finitizing parameter domains or by providing predicate abstraction. It has already found subtle bugs in production software. First order structures and abstract state machines over them are also a useful way to think about cryptographic protocols, since models formulated in these terms arise by natural abstraction from computational cryptography