A Formal Approach to Distributed System Security Test Generation
Vladimir A. Khlevnoy, Andrey A. Shchurov. "A Formal Approach to Distributed System Security Test Generation". International Journal of Computer Trends and Technology (IJCTT) V16(3):121-127, Oct 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.
Abstract
Deploying distributed systems places high demands on the procedures used to test their security. This work introduces: (1) a list of typical threats based on standards and actual practices; and (2) an extended six-layered model for test generation missions on the basis of technical specifications and end-user requirements. Based on the list of typical threats and the multilayer model, we describe a formal approach to the automated design and generation of security-mechanism checklists for complex distributed systems.
Keywords
distributed systems, security testing, formal approaches