Title: Verification of Implementing Security Design Patterns Using a Test Template
Author(s): Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka.
Source: In Proceedings of International Conference on Availability, Reliability and Security (ARES 2014), pp. 178-183. IEEE Computer Society, CPS, 8-12 Sep. 2014, Fribourg, Switzerland.

patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern; the template consists of the "aspect test template", which observes the internal processing, and the "test case template". Supplying design information to the test template produces a test. Because a test template is reusable, a test that validates the security design patterns can be created easily. As a case study, we applied our method to a web system. The result shows that our method can test repeatedly in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.
