Integrating threat modeling and automated test case generation into industrialized software security testing

Authors Stefan Marksteiner
Rudolf Ramler
Hannes Sochor
Editors
Title Integrating threat modeling and automated test case generation into industrialized software security testing
Booktitle Proceedings of the 3rd Central European Cybersecurity Conference (CECC 2019)
Type in proceedings
Publisher ACM
ISBN 978-1-4503-7296-1
DOI 10.1145/3360664.3362698
Month November
Year 2019
Pages article no. 25
SCCH ID# 19077
Abstract

Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.