Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Combinatorial Security Testing Course

Published

Author(s)

Dimitris Simos, Yu Lei, D. Richard Kuhn, Raghu N. Kacker

Abstract

Combinatorial methods have attracted attention as a means of providing strong assurance at reduced cost, but when are these methods practical and cost-effective? This tutorial comprises two parts. The first introductory part will briefly explain the back- ground, process, and tools available for combinatorial testing, including illustrations based on industry's experience with the method. The main part, explains combinatorial testing-based techniques for effective security testing of software components and large-scale software systems. It will develop quality assurance and effective re- verification for security testing of web applications and security testing of operating systems. It will further address how combi- natorial testing can be applied to ensure proper error-handling of network security protocols and provide the theoretical guarantees for expelling Trojans injected in cryptographic hardware. Procedures and techniques, as well as workarounds will be presented and captured as guidelines for a broader audience. The tutorial is concluded with our vision for combinatorial security testing together with some current open research problems. The tutorial is designed for participants with a solid IT security background but will not assume any prior knowledge on combina- torial security testing. Thus, we will quickly advance our discussion into core aspects of this field. This tutorial is a modified version of the tutorial held at HVC2017 [19] and QRS2016 [23]. It incorporates feedback and customized content.
Conference Dates
April 10-11, 2018
Conference Location
Raleigh, NC, US
Conference Title
Hot Topics in the Science of Security

Keywords

combinatorial testing, security testing, software quality assurance, security vulnerabilities

Citation

Simos, D. , Lei, Y. , Kuhn, D. and Kacker, R. (2018), Combinatorial Security Testing Course, Hot Topics in the Science of Security, Raleigh, NC, US, [online], https://doi.org/10.1145/3190619.3190643, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925467 (Accessed April 21, 2024)
Created April 10, 2018, Updated October 12, 2021