Security Functional Testing Using an Interface-Driven Model-based Test Automation Approach

Published

Author(s)

Ramaswamy Chandramouli, Mark Blackburn

Abstract

Independent security functional testing of a product takes a back seat in traditional security evaluation because of the cost and stringent coverage requirements. In this paper we present the details of an approach we have developed to automate security functional testing. The underlying framework is called TAF (Test Automation Framework), and the toolkit we have developed based on TAF is called the TAF-SFT toolkit. The TAF-SFT toolkit uses the text-based specification of security functions provided by the product vendor and the requirements of the underlying security model to develop a machine-readable specification of security functions using the SCR (Software Cost Reduction) formal language. The resultant behavioral specification model is then processed through the TAF-SFT toolkit to generate test vectors. The behavioral model and the test vectors are then combined with product interface specifications to automatically generate test drivers (test execution code). We illustrate the application of the TAF-SFT toolkit to security functional testing of a commercial DBMS product. We also discuss the advantages and disadvantages of using the TAF-SFT toolkit for security functional testing and the scenarios under which the impact of the disadvantages can be minimized.
Proceedings Title
18th Annual Computer Security Applications Conference (ACSAC)
Conference Dates
December 9-13, 2002
Conference Location
Las Vegas, NV, USA

Citation

Chandramouli, R. and Blackburn, M. (2002), Security Functional Testing Using an Interface-Driven Model-based Test Automation Approach, 18th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, USA (Accessed October 10, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created December 8, 2002, Updated October 12, 2021