Practical Security Testing of Telecommunications Software--A Case Study

Author(s):  
Reijo Savola ◽  
Kaarina Karppinen
2018 ◽  
Vol 13 (1) ◽  
pp. 221
Author(s):  
Festim Halili ◽  
Lirie Koraqi

This paper addresses the security aspects of software applications in the framework of several enterprises. It has a defined goal and structure, through which it modestly aims to present the security aspect of web applications in Kosovo companies. First, we give some theoretical concepts about security in general and security testing in particular. The core of the research addresses the security aspect in the sector of companies that develop applications and test them; here we dwell on a case study of different companies in Kosovo. The purpose of this section is to argue the importance of security and its application in various companies.


Author(s):  
Ayda Saidane ◽  
Nicolas Guelfi

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at the architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security-critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedure requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test-based validation approach. The assessment of the security requirement satisfaction is based on the analysis of test traces. Throughout this study, the authors illustrate the approach using a client-server architecture case study.


2014 ◽  
pp. 2072-2098
Author(s):  
Ayda Saidane ◽  
Nicolas Guelfi

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at the architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security-critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedure requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test-based validation approach. The assessment of the security requirement satisfaction is based on the analysis of test traces. Throughout this study, the authors illustrate the approach using a client-server architecture case study.


Author(s):  
Shruti Jaiswal ◽  
Daya Gupta

Researchers have been focusing on embedding security from the early phases of the software development lifecycle. They have researched and innovated a field of Security Engineering where security concerns are embedded during the requirement, design, and testing phases of software development. Efforts were made in developing methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing and prioritizing the security requirements. During the design phase, based on prioritized requirements, environment parameters and attributes, suitable security algorithms, mainly cryptography algorithms, are identified. Then a question arises: how to test the effectiveness of the chosen algorithm? Therefore, as an answer to this issue, a process for Security Testing is presented in this paper that evaluates the selected security algorithms. Evaluation is done by generating the test scenarios for functionalities using sequence diagrams representing the threats at vulnerable points, then checking the mitigation of potential threats at the identified vulnerable points. A security index is generated which shows the effectiveness of the deployed/chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage as a service model.


Author(s):  
Gilles Barthe ◽  
Marc Gourjon ◽  
Benjamin Grégoire ◽  
Maximilian Orlt ◽  
Clara Paglialonga ◽  
...  

We propose a new approach for building efficient, provably secure, and practically hardened implementations of masked algorithms. Our approach is based on a Domain Specific Language in which users can write efficient assembly implementations and fine-grained leakage models. The latter are then used as a basis for formal verification, allowing for the first time formal guarantees for a broad range of device-specific leakage effects not addressed by prior work. The practical benefits of our approach are demonstrated through a case study of the PRESENT S-Box: we develop a highly optimized and provably secure masked implementation, and show through practical evaluation based on TVLA that our implementation is practically resilient. Our approach significantly narrows the gap between formal verification of masking and practical security.

