Towards Model-Based Automatic Testing of Attack Scenarios

机译：迈向基于模型的攻击场景自动测试

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Model-based testing techniques play a vital role in producing quality software. However, compared to the testing of functional requirements, these techniques are not prevalent that much in testing software security. This paper presents a model-based approach to automatic testing of attack scenarios. An attack testing framework is proposed to model attack scenarios and test the system with respect to the modeled attack scenarios. The techniques adopted in the framework are applicable in general to the systems, where the potential attack scenarios can be modeled in a formalism based on extended abstract state machines. The attack events, i.e., attack test vectors chosen from the attacks happening in real-world are converted to the test driver specific events ready to be tested against the attack signatures. The proposed framework is implemented and evaluated using the most common attack scenarios. The framework is useful to test software with respect to potential attacks which can significantly reduce the risk of security vulnerabilities.

机译：基于模型的测试技术在生产高质量软件中起着至关重要的作用。但是，与功能需求测试相比，这些技术在测试软件安全性方面并不普遍。本文提出了一种基于模型的方法来自动测试攻击场景。提出了一种攻击测试框架来对攻击场景进行建模，并针对建模的攻击场景对系统进行测试。框架中采用的技术通常适用于系统，在这种系统中，可以根据基于扩展抽象状态机的形式主义对潜在的攻击场景进行建模。攻击事件，即从现实世界中发生的攻击中选择的攻击测试向量，将转换为准备针对攻击特征进行测试的特定于测试驱动程序的事件。所提出的框架是使用最常见的攻击方案实施和评估的。该框架对于测试软件的潜在攻击很有用，可以显着降低安全漏洞的风险。

著录项

来源
《Computer safety, reliability, and security》|2009年|229-242|共14页
会议地点 Hamburg(DE);Hamburg(DE)
作者
M. Zulkernine; M.F. Raihan; M.G. Uddin;
展开▼
作者单位

School of Computing, Queen's University, Kingston, Ontario, Canada K7L 3N6;

School of Computing, Queen's University, Kingston, Ontario, Canada K7L 3N6;

Department of Electrical and Computer Engineering Queen's University, Kingston, Ontario, Canada K7L 3N6;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词

相似文献

外文文献
中文文献
专利

1. Model-Based Attack Detection and Mitigation for Automatic Generation Control [J] . Smart Grid, IEEE Transactions on . 2014,第2期

机译：用于自动发电控制的基于模型的攻击检测和缓解
2. Model-based automatic test case generation for automotive embedded software testing [J] . Shin Ki-Wook, Lim Dong-Jin International Journal of Automotive Technology . 2018,第1期

机译：用于汽车嵌入式软件测试的模型自动测试用例
3. On the effect of test-suite reduction on automatically generated model-based tests [J] . Mats P. E. Heimdahl, Devaraj George Automated software engineering . 2007,第1期

机译：关于减少测试套件对自动生成的基于模型的测试的影响
4. Towards Model-Based Automatic Testing of Attack Scenarios [C] . M. Zulkernine, M. F. Raihan, M. G. Uddin International Conference on Computer Safety, Reliability, and Security . 2009

机译：朝着基于模型的攻击场景自动测试
5. A novel Intrusion Detection System (IDS) architecture: Attack detection based on Snort for multistage attack scenarios in a multi-cores environment [D] . Pagna Disso de Muila, Jules Ferdinand 2010

机译：一种新颖的入侵检测系统（IDS）架构：基于Snort的攻击检测可在多核环境中进行多阶段攻击
6. Clinical judgment model-based nursing simulation scenario for patients with upper gastrointestinal bleeding: A mixed methods study [O] . AeRi Jang, Hyunyoung Park, César Leal-Costa, 2021

机译：上胃肠道出血患者的临床判断模型护理模拟情景：混合方法研究
7. A New Model-based Framework for Testing Security of IoT Systems in Smart Cities using Attack Trees and Price Timed Automata [O] . Moez Krichen, Roobaea Alroobaea 2019

机译：使用攻击树和价格定时自动机在智能城市中测试IOT系统安全性的新模型框架

Towards Model-Based Automatic Testing of Attack Scenarios

摘要

著录项

相似文献

相关主题

期刊订阅