Integrating threat modeling and automated test case generation into industrialized software security testing
|S. Marksteiner, R. Ramler, H. Sochor. Integrating threat modeling and automated test case generation into industrialized software security testing. pages article no. 25, DOI https://doi.org/10.1145/3360664.3362698, 11, 2019.|
|Buch||Proceedings of the 3rd Central European Cybersecurity Conference (CECC 2019)|
|Seiten||article no. 25|
Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.