Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Model-Based Approach to Security Test Automation

Published

Author(s)

Mark Blackburn, Robert Busser, Aaron Nauman, Ramaswamy Chandramouli

Abstract

Security functional testing is a costly activity typically performed by security evaluation laboratories. These laboratories have struggled to keep pace with increasing demand to test numerous product variations. This paper summarizes the results of applying a model-based approach to automate security functional testing. The approach involves developing models of security function specifications (SFS) as the basis for automatic test vector and test driver generation. In the application, security properties were modeled and the resulting tests were executed against Oracle and Interbase database engines through a fully automated process. The findings indicate the approach, proven successful in a variety of other application domains, provides a cost-effective solution to security functional testing.
Citation
International Software Quality Week

Keywords

security function specifications, security functional testing, test driver, test vectors

Citation

Blackburn, M. , Busser, R. , Nauman, A. and Chandramouli, R. (2002), Model-Based Approach to Security Test Automation, International Software Quality Week, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151237 (Accessed June 15, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 31, 2002, Updated October 12, 2021