NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Combinatorial Security Testing Course

Published

Author(s)

Dimitris Simos, Yu Lei, D. Richard Kuhn, Raghu N. Kacker

Abstract

Combinatorial methods have attracted attention as a means of providing strong assurance at reduced cost, but when are these methods practical and cost-effective? This tutorial comprises two parts. The first introductory part will briefly explain the back- ground, process, and tools available for combinatorial testing, including illustrations based on industry's experience with the method. The main part, explains combinatorial testing-based techniques for effective security testing of software components and large-scale software systems. It will develop quality assurance and effective re- verification for security testing of web applications and security testing of operating systems. It will further address how combi- natorial testing can be applied to ensure proper error-handling of network security protocols and provide the theoretical guarantees for expelling Trojans injected in cryptographic hardware. Procedures and techniques, as well as workarounds will be presented and captured as guidelines for a broader audience. The tutorial is concluded with our vision for combinatorial security testing together with some current open research problems. The tutorial is designed for participants with a solid IT security background but will not assume any prior knowledge on combina- torial security testing. Thus, we will quickly advance our discussion into core aspects of this field. This tutorial is a modified version of the tutorial held at HVC2017 [19] and QRS2016 [23]. It incorporates feedback and customized content.
Conference Dates
April 10-11, 2018
Conference Location
Raleigh, NC, US
Conference Title
Hot Topics in the Science of Security
Pub Type
Conferences

Download Paper

https://doi.org/10.1145/3190619.3190643
Local Download

Keywords

combinatorial testing, security testing, software quality assurance, security vulnerabilities
Information technology

Citation

Simos, D. , Lei, Y. , Kuhn, D. and Kacker, R. (2018), Combinatorial Security Testing Course, Hot Topics in the Science of Security, Raleigh, NC, US, [online], https://doi.org/10.1145/3190619.3190643, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925467 (Accessed October 20, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 10, 2018, Updated October 12, 2021
Was this page helpful?