Generating security tests in addition to functional tests

This paper is about generating security tests, in addition to functional tests previously generated by a model-based testing approach. The method that we present re-uses the functional model and the adaptation layer developed for the functional testing, and relies on an additional security model. We propose to compute the tests by using some test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need issued from the know-how of a security engineer. We propose a language based on regular expressions for the expression of such test purposes. We illustrate our approach with experiments on IAS.