Reference : A Natural Language Programming Approach for Requirements-based Security Testing
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/36301
A Natural Language Programming Approach for Requirements-based Security Testing
English
Mai, Xuan Phu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Pastore, Fabrizio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Göknil, Arda [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
In press
IEEE
Yes
29th IEEE International Symposium on Software Reliability Engineering (ISSRE 2018)
October 15-18, 2018
[en] System Security Testing ; Natural Language Requirements ; Natural Language Processing
[en] To facilitate communication among stakeholders, software security requirements are typically written in natural language and capture both positive requirements (i.e., what the system is supposed to do to ensure security) and negative requirements (i.e., undesirable behavior undermining security).
In this paper, we tackle the problem of automatically generating executable security test cases from security requirements in natural language (NL). More precisely, since existing approaches for the generation of test cases from NL requirements verify only positive requirements, we focus on the problem of generating test cases from negative requirements.
We propose, apply and assess Misuse Case Programming (MCP), an approach that automatically generates security test cases from misuse case specifications (i.e., use case specifications capturing the behavior of malicious users). MCP relies on natural language processing techniques to extract the concepts (e.g., inputs and activities) appearing in requirements specifications and generates executable test cases by matching the extracted concepts to the members of a provided test driver API. MCP has been evaluated in an industrial case study, which provides initial evidence of the feasibility and benefits of the approach.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Researchers ; Professionals ; Students
H2020 ; 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems

File(s) associated to this reference

Fulltext file(s):

File : Mai-ISSRE-CR-2018_copyrightIEEE.pdf ; Version : Author preprint ; Size : 728.88 kB ; Access : Open access


All documents in ORBilu are protected by a user license.