23 research outputs found

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for the specification of test cases at a higher level of abstraction, for guidance on test identification and specification, and for automated test generation. Model-based security testing (MBST) is a relatively new field, dedicated especially to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes, e.g., security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS. Comment: In Proceedings MBT 2012, arXiv:1202.582

    A BDD-based Model Checker for the PEP Tool

    PEP (Programming Environment based on Petri Nets) is a tool developed at the University of Hildesheim. It can be used for editing, simulating and verifying Petri nets, and for creating Petri nets from a program in an imperative programming language. For the verification task, model checkers are used to decide whether a given logical formula is true or false for a particular Petri net. A fairly new method of implementing model checkers, symbolic model checking, involves binary decision diagrams (BDDs), a data structure for representing considerably large state spaces. In the individual project described in this dissertation, a BDD-based model checker for the PEP tool was developed that can verify safe Petri nets. The model checker makes use of the SMV system, developed at Carnegie Mellon University. In addition, a range of different modelling possibilities, model checking options and optimisation techniques is discussed and evaluated using examples like the dining philosophers probl..

    Formally Testing Fail-Safety of Electronic Purse Protocols (Extended Abstract)

    Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems using the CASE tool AutoFocus. Cryptographic systems are formally specified with state transition diagrams, a notation for state machines in the AutoFocus system. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. In particular, we focus on the principle of fail-safety

    Die EU und ihre Bürger
