Integrating threat modeling and automated test case generation into industrialized software security testing

S. Marksteiner, R. Ramler, H. Sochor. Integrating threat modeling and automated test case generation into industrialized software security testing. pages article no. 25, DOI 10.1145/3360664.3362698, 11, 2019.

Autoren
  • Stefan Marksteiner
  • Rudolf Ramler
  • Hannes Sochor
BuchProceedings of the 3rd Central European Cybersecurity Conference (CECC 2019)
TypIn Konferenzband
VerlagACM
DOI10.1145/3360664.3362698
ISBN978-1-4503-7296-1
Monat11
Jahr2019
Seitenarticle no. 25
Abstract

Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.