A Formal Approach to Distributed System Security Test Generation
||International Journal of Computer Trends and Technology (IJCTT)|
|© 2014 by IJCTT Journal|
|Year of Publication : 2014|
|Authors : Vladimir A. Khlevnoy , Andrey A. Shchurov|
|DOI : 10.14445/22312803/IJCTT-V16P130|
Vladimir A. Khlevnoy , Andrey A. Shchurov. "A Formal Approach to Distributed System Security Test Generation". International Journal of Computer Trends and Technology (IJCTT) V16(3):121-127, Oct 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.
Deployment of distributed systems sets high requirements for procedures for the security testing of these systems. This work introduces: (1) a list of typical threats based on standards and actual practices; (2) an extended six-layered model for test generation mission on the basis of technical specifications and end-user requirements. Based on the list of typical threats and the multilayer model, we describe a formal approach to the automated design and generation of security mechanisms checklists for complex distributed systems.
 N. G. Leveson, Safeware: system safety and computers, ACM, 1995.
 A. S. Tanenbaum and D. J. Wetherall, Computer Networks, 5th ed., Prentice Hall Press, 2011.
 A. S. Tanenbaum and M. v. Steen, Distributed Systems: Principles and Paradigms, 3rd ed., Prentice Hall Press, 2013.
 ITU-T, ITU-T Rec. X.805 - Security Architecture for Systems Providing End-to-End Communications, 2003.
 ISO/IEC, ISO/IEC 27005 "Information technology - Security techniques - Information security risk management", 2011.
 D. Wright, K. Wadhwa, M. Lagazio, C. Raab and C. Eric, "Privacy impact assessment and risk management," 2013.
 K. Kiran, S. Mukkamala, A. Katragadda and D. Reddy, "Performance And Analysis Of Risk Assessment Methodologies In Information Security," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 10, pp. 3685-3692, 2013.
 EBIOS. [Online]. Available: http://www.ssi.gouv.fr/.
 IRAM. [Online]. Available: https://www.securityforum.org/tools/isf-risk-manager/.
 BSI-2-100, Bundesamt fur Sicherheit in der Informationstechnik. BSI-2-100 IT-Grundschutz Methodology, 2008.
 MAGERIT. [Online]. Available: http://www.csi.map.es/csi/pg5m20.htm.
 Mehari. [Online]. Available: http://www.clusif.asso.fr/en/clusif/present/.
 A. J. Dorofee and C. J. Alberts, "OCTAVE Method Implementation Guide Version 2.0," 2001.
 G. Bernot, M.-C. Gaudel and B. Marre, "Software testing based on formal specifications: a theory and a tool," Software Engineering Journal, vol. 6, pp. 387-405, 1991.
 J. Dick and A. Faivre, "Automating the Generation and Sequencing of Test Cases from Model-Based Specifications," in Proceedings of the First International Symposium of Formal Methods Europe on Industrial-Strength Formal Methods, 1993.
 M. R. Donat, "Automating formal specification-based testing," in TAPSOFT `97: Theory and Practice of Software Development, 7th International Joint Conference CAAP/FASE, 1997.
 Hyoung Seok Hong, Sung-Deok Cha, Insup Lee, O. Sokolsky and H. Ural, "Data flow testing as model checking," in Software Engineering, 2003. Proceedings. 25th International Conference on, 2003.
 Shaoying Liu and Wuwei Shen, "A formal approach to testing programs in practice," in Systems and Informatics (ICSAI), 2012 International Conference on, 2012.
 A. A. Shchurov and R. Ma?ík, "A Formal Approach to Distributed System Tests Design," International Journal of Computer and Information Technology, vol. 3, no. 4, pp. 696-705, 2014.
 J. Liu and E. A. Lee, "A component-based approach to modeling and simulating mixed-signal and hybrid systems," ACM Trans. Model. Comput. Simul., vol. 12, pp. 343-368, October 2002.
 M. Torngren, DeJiu Chen and I. Crnkovic, "Component-based vs. model-based development: a comparison in the context of vehicular embedded systems," in Software Engineering and Advanced Applications, 2005. 31st EUROMICRO Conference on, 2005.
 A. A. Shchurov, "A Formal Model of Distributed Systems For Test Generation Missions," International Journal of Computer Trends and Technology (IJCTT), vol. 15, no. 3, pp. 128-133, 2014.
 J. D. McCabe, Network Analysis, Architecture, and Design, 3rd ed., Morgan Kaufmann Publishers, 2007.
 ISO/IEC, ITU-T Rec. X.901-904 - ISO/IEC 10746 Information technology - The Reference Model of Open Distributed Processing (RM-ODP), 1998.
 R. M. Hierons, K. Bogdanov, J. P. Bowen, R. Cleaveland, J. Derrick, J. Dick, M. Gheorghe, M. Harman, K. Kapoor, P. Krause, G. Luttgen, A. J. H. Simons, S. Vilkomir, M. R. Woodward and H. Zedan, "Using formal specifications to support testing," ACM Comput. Surv., vol. 41, pp. 9:1-9:76, February 2009.
 D. K. Pradhan, Ed., Fault-tolerant computer system design, Prentice-Hall, 1996.
 BSI-TC, Bundesamt fur Sicherheit in der Informationstechnik, 2011.
 S. Delgado, "Designing Modular Software Architectures for Next-Generation Heterogeneous Networked Test Systems," in Autotestcon, 2006 IEEE, 2006, pp. 461-466.
 "Converged Plantwide Ethernet (CPwE) Design and Implementation Guide," 2011.
distributed systems, security testing, formal approaches