CS Colloquium - Matthias Buechler: Security Testing with Fault-Models and Properties
Wed, Oct 09, 2013 @ 06:15 PM - 08:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Matthias Buechler, Technical University Munich (Technische Universität München)
Talk Title: Security Testing with Fault-Models and Properties
Series: CS Colloquium
Abstract: Web applications are complex and face a massive number of sophisticated attacks. Since manually testing web applications for security issues is hard and time-consuming, automated testing is preferable. In model-based testing, test cases are often generated using structural criteria. Since such test cases do not directly target security properties, my Ph.D. thesis proposes to use a fault model for generating tests for web applications. Faults are represented as known source code vulnerabilities that, by using respective mutation operators at the model level, are injected into models of a System Under Validation to generate “interesting” test cases. To achieve this, advantages of penetration testing are combined with model-checkers dedicated to security analysis. To find attacks on real systems, the gap between an abstract attack trace output by a model-checker and a penetration test needs to be addressed. My Ph.D. thesis contributes a semi-automatic methodology to make abstract attack traces operational.
Host: William GJ Halfond
Location: Henry Salvatori Computer Science Center (SAL) - 322
Audiences: Everyone Is Invited
Contact: Assistant to CS chair