TY - GEN
T1 - Verifying implementation of security design patterns using a test template
AU - Yoshizawa, Masatoshi
AU - Kobashi, Takanori
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
AU - Okubo, Takao
AU - Kaiya, Haruhiko
AU - Yoshioka, Nobukazu
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/12/9
Y1 - 2014/12/9
N2 - Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the 'aspect test template' to observe the internal processing and the 'test case template'. Providing design information creates a test from the test template. Because a test template is recyclable, it can easily create a test that can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.
KW - Aspect-oriented programming
KW - Model-based testing
KW - Security patterns
KW - Test-driven development
UR - http://www.scopus.com/inward/record.url?scp=84920564182&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84920564182&partnerID=8YFLogxK
U2 - 10.1109/ARES.2014.31
DO - 10.1109/ARES.2014.31
M3 - Conference contribution
AN - SCOPUS:84920564182
T3 - Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014
SP - 178
EP - 183
BT - Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 9th International Conference on Availability, Reliability and Security, ARES 2014
Y2 - 8 September 2014 through 12 September 2014
ER -