Model-Driven Engineering (MDE) is emerging as a promising approach that uses models to support various phases of system development lifecycle such as Code Generation and Verification/Validation (V &V). In this project, we develop model-driven methodologies for development of tests for testing the security functions of a product to make the security testing more cost efficient as well as effective in terms of providing the requisite assurance.
What is the Problem:
Why is NIST Involved:
Apart from publishing Conference and Journal papers that describe the model-driven security functional testing and developing proof of concept implementations, NIST applied the methodology to develop a suite of Smart Card Interface Conformance Tests (for conformance to FIPS 201 and SP 800-73 specifications) for the NIST Personal Identity Verification Program (http://csrc.nist.gov/groups/SNS/piv/npivp/index.html)
Lead Organizational Unit:ITL
Dr. Ramaswamy Chandramouli (Mouli)
Related Programs and Projects:
For more information regarding the Model Driven Security Functional Testing, please visit the Computer Security Resource Center (CSRC).
100 Bureau Drive