TY - GEN
T1 - TESEM
T2 - 8th IEEE International Conference on Software Testing, Verification and Validation, ICST 2015
AU - Kobashi, Takanori
AU - Yoshizawa, Masatoshi
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
AU - Yoshioka, Nobukazu
AU - Okubo, Takano
AU - Kaiya, Haruhiko
N1 - Publisher Copyright: © 2015 IEEE.
PY - 2015/5/5
Y1 - 2015/5/5
N2 - Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement- and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
KW - Component
KW - Model Testing
KW - Security Patterns
KW - Test-Driven Development
KW - UML
UR - http://www.scopus.com/inward/record.url?scp=84935039839&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84935039839&partnerID=8YFLogxK
U2 - 10.1109/ICST.2015.7102633
DO - 10.1109/ICST.2015.7102633
M3 - Conference contribution
AN - SCOPUS:84935039839
T3 - 2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings
BT - 2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 April 2015 through 17 April 2015
ER -