scholarly journals A Model Based Security Testing Method for Protocol Implementation

2014 ◽  
Vol 2014 ◽  
pp. 1-10 ◽  
Author(s):  
Yu Long Fu ◽  
Xiao Long Xin
Keyword(s):  
Security Protocol ◽  
Automatic Verification ◽  
Test Cases ◽  
Extended Model ◽  
Security Testing ◽  
Penetration Testing ◽  
Protocol Implementation ◽  
Verification Method ◽  
Testing Method ◽  
Specific Protocol

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

Reusing Existing Test Cases for Security Testing

2008 ◽  
Author(s):  
Dazhi Zhang ◽  
Wenhua Wang ◽  
Donggang Liu ◽  
Yu Lei ◽  
David Kung
Keyword(s):  
Test Cases ◽  
Security Testing

A New Security Testing Method and its Application to the Secure Xenix Kernel

1986 ◽  
Author(s):  
V.D. Gligor ◽  
C.S. Chandersekaran ◽  
W. Cheng ◽  
W.D. Jiang ◽  
A. Johri ◽  
...  
Keyword(s):  
Security Testing ◽  
Testing Method

A New Security Testing Method and Its Application to the Secure Xenix Kernel

1987 ◽  
Vol SE-13 (2) ◽  
pp. 169-183 ◽  
Author(s):  
V.D. Gligor ◽  
C.S. Chandersekaran ◽  
Wen-Der Jiang ◽  
A. Johri ◽  
G.L. Luckenbaugh ◽  
...  
Keyword(s):  
Security Testing ◽  
Testing Method

scholarly journals On Formal and Automatic Security Verification of WSN Transport Protocols

2014 ◽  
Vol 2014 ◽  
pp. 1-20 ◽  
Author(s):  
Vinh Thong Ta ◽  
Levente Buttyán ◽  
Amit Dvir
Keyword(s):  
Wireless Sensor Networks ◽  
Real Time ◽  
Formal Language ◽  
Process Analysis ◽  
Automatic Verification ◽  
Wireless Sensor ◽  
Behavioral Characteristics ◽  
Transport Protocols ◽  
Verification Method ◽  
Security Verification

We address the problem of formal and automated security verification of transport protocols for wireless sensor networks (WSN) that may perform cryptographic operations. The verification of this class of protocols is difficult because they typically consist of complex behavioral characteristics, such as real-time, probabilistic, and cryptographic operations. To solve this problem, we propose a probabilistic timed calculus for cryptographic protocols and demonstrate how to use this formal language for proving security or vulnerability of protocols. The main advantage of the proposed language is that it supports an expressive syntax and semantics, allowing for studying real-time, probabilistic, and cryptographic issues at the same time. Hence, it can be used to verify systems that involve these three properties in a convenient way. In addition, we propose an automatic verification method, based on the well-known PAT process analysis toolkit, for this class of protocols. For demonstration purposes, we apply the proposed manual and automatic proof methods for verifying the security of DTSN and SDTP, which are two of the recently proposed WSN transport protocols.

scholarly journals Criteria and Parameters for Estimating Quality of Penetration Testing

2021 ◽  
pp. 43-57
Author(s):  
Sergey Makarenko ◽  
Keyword(s):  
Critical Infrastructure ◽  
Quality Criterion ◽  
Testing Procedure ◽  
Impact Testing ◽  
Security Testing ◽  
Penetration Testing ◽  
Security Issues ◽  
Efficiency Cost ◽  
Test Sets

Relevance. Security issues of information systems in critical infrastructure objects become important now. However, current tasks of information security audit of critical infrastructure objects are mainly limited to checking them for compliance with requirements of standards and documents. With this approach to the audit, security of these objects from real attacks by hackers remains unclear. Therefore, objects are subjected to a testing procedure, namely, penetration testing, in order to objectively verify their security. An analysis of publications in this area shows that there is not mathematical approaches to selection of tests, as well as parameters and criteria for evaluating the effectiveness of penetration testing. The goals of the paper is to form specific parameters of completeness, efficiency, reliability and cost of testing, as well as, in a generalized form, a group of criteria “efficiency/cost”, allowing to estimate the quality of test sets, as well as to compare different penetration testing scenarios with each other. Research methods. Methods of probability theory and mathematical statistics, methods of processing experimental data, as well as the results of other studies in the field of software security testing are used in the paper to achieve the research goals. Results. The general form of the “efficiency/cost” criteria for estimating the quality of penetration testing, as well as formal particular parameters for evaluating separate parameters in the proposed criteria – the parameters of completeness, efficiency, reliability and cost are presented in the paper. The results of the paper can be used by auditors and testers to objectively justify test sets and compare different penetration testing scenarios with each other. The material of the paper can be useful for specialists who make research is such an area as penetration testing. Keywords: penetration testing, information technology impact, testing quality criterion, testing quality, testing completeness, testing efficiency, testing reliability, testing cost.

Sign in / Sign up

Export Citation Format

Share Document