Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)

Aiman Hanna,Hai Zhou Ling,Jason Furlong,Zhenrong Yang,Mourad Debbabi

Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)

2008

Aiman Hanna
Hai Zhou Ling
Jason Furlong
Zhenrong Yang
Mourad Debbabi

In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.

Keywords:

Real-time computing
Security testing
Computer security model
Software
Vulnerability (computing)
Test data generation
Vulnerability management
Computer science
Security information and event management
Software security assurance
Chaining
Computer security

Correction
Source
Cite
Save
Machine Reading By IdeaReader

References

Citations