Title:
Verification of Implementing Security Design Patterns Using a Test Template
Author(s):
Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka.
Source:
In Proceedings of International Conference on Availability, Reliability and Security (ARES 2014), pp. 178-183. IEEE Computer Society, CPS, 8-12 Sep. 2014, Fribourg, Switzerland.
Abstract:
patterns contain security expert
knowledge to support software developers, these patterns may be
inappropriately applied because most developers are not security
specialists, leading to threats and vulnerabilities. Here we
propose a validation method for security design patterns in the
implementation phase of software development. Our method
creates a test template from a security design pattern, which
consists of the "aspect test template" to observe the internal
processing and the "test case template". Providing design
information creates a test from the test template. Because a test
template is recyclable, it can easily create a test, which can
validate the security design patterns. As a case study, we applied
our method to a web system. The result shows that our method
can test repetition in the early stage of implementation, verify
pattern applications, and assess whether vulnerabilities are
resolved.
Related Paper(s):