Abstract
Many security problems only become apparent after software is deployed, and in many cases a failure has occurred prior to the awareness of the problem. Many would argue that the simpler solution to the problem would be to test the software before deploying it. Although we support this argument, we understand that it is not necessarily applicable in a modern development environment. Software testing is labor-intensive and very expensive in both time and cost. While much research has been undertaken to automate software testing, very little has been directed at security testing. Additionally, the majority of these efforts have targeted low-level security (safety) instead of high-level security. In this paper, we present elements of a solution towards automating the testing of security properties and the generation of test data suites for detecting security vulnerabilities in software.
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hanna, A., Ling, H.Z., Furlong, J., Debbabi, M. (2008). Towards Automation of Testing High-Level Security Properties. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_21
DOI: https://doi.org/10.1007/978-3-540-70567-3_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer Science (R0)