Testing is the process of identifying defects and checking the functionality a system provides: the tester supplies specific input data and examines the results the system produces. Threats present in the system, however, can cause it to malfunction, so security testing is performed to identify the vulnerable states of the system. It is a type of software testing intended to uncover vulnerabilities in the system and to determine whether its data and resources are protected from intruders. Security testing focuses on the risks associated with the system and covers the basic security concepts of confidentiality, integrity, authentication, authorization, availability and non-repudiation.
These security concepts also apply to real-time systems, where models of the system are needed for better testing; this leads to Model-Based Security Testing (MBST), which relies on models of the System Under Test (SUT) and its environment. MBST combines four approaches: security testing, risk-oriented testing, model-based testing and test automation. Risk-oriented testing uses the results of risk analysis in test case identification, selection and assessment to prioritize and optimize the testing process.
Test automation is the process of controlling the execution of test cases and comparing actual outcomes with predicted outcomes automatically. Security testing is mainly performed to cover the basic security concepts and to make a system less vulnerable to attack. It is therefore important to identify the threats associated with the system, since threats point to the vulnerabilities in it.
Threat modeling is a procedure for optimizing security by identifying objectives and vulnerabilities and then defining countermeasures to prevent or mitigate the effects of the threats present in the system. There are three approaches to threat modeling: attacker-centric, software-centric and asset-centric. Attacker-centric threat modeling starts with an attacker and evaluates their goals. Software-centric threat modeling starts from the design of a system and steps through a model of the system looking for attacks against each element of the model. Asset-centric threat modeling starts from the assets entrusted to a system. Since the threats associated with the system must be identified, the software-centric approach is suitable for MBST because the entire system design is examined for the different types of attacks it may face. Several threat modeling processes exist for identifying threats and stakeholder risk. Two processes from Microsoft are STRIDE and DREAD. STRIDE is an acronym for six types of threat: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege; each category is the violation of one of the security properties listed above (spoofing violates authentication, tampering integrity, repudiation non-repudiation, information disclosure confidentiality, denial of service availability and elevation of privilege authorization). It is used to identify both technical and non-technical threats. DREAD stands for Damage, Reproducibility, Exploitability, Affected users and Discoverability; it is used to rate threats and to quantify, compare and prioritize the risk associated with each threat. Another threat modeling framework, similar to STRIDE and DREAD, is TRIKE, which is mainly used to reduce stakeholder risk.
Risk analysis is the quantitative analysis of the risk present in a system. It is performed on the basis of the threat modeling results in order to find the vulnerable states that need to be tested. Risk-Driven Security Testing (RST) and Test-Driven Security Risk Analysis (TSR) are two approaches that combine risk analysis with security testing. Security risk analysis is a specialized form of risk analysis in which the information security risk associated with potential threats is evaluated. In RST, security testing is supported by security risk assessment in order to make security testing more effective: the aim is to focus security testing on the most important parts of the System Under Test and to execute only the selected test cases. In TSR, security risk analysis is supported by security testing in order to develop and/or validate risk models; the objective is to strengthen the correctness of the security risk analysis models.
Risk analysis uses three risk metrics: risk probability, risk impact and risk threshold. Risk probability is the likelihood that a risk occurs. Risk impact is the damage caused when the risk occurs. Risk threshold is the maximum value up to which a risk can be tolerated. The product of risk probability and risk impact gives the risk value of a state; a state whose risk value exceeds the threshold is treated as vulnerable.
Test cases are selected on the basis of the risk analysis results so that the states with a high probability of risk are tested. Risk analysis thus optimizes test case selection and execution. The reduction of the original test suite is expressed as the Test Suite Reduction Rate (TSRR). The reduced test suite is then subjected to a coverage criterion to determine what percentage of the entire system model it covers; coverage is a measure of the degree to which the system is tested. There are many coverage criteria, such as statement coverage, function coverage, branch coverage and condition coverage. Transition coverage is taken as the performance metric here since each system model is represented as an extended finite state machine (EFSM).
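The state-level risk metrics (probability, impact, threshold), the STRIDE tagging of model elements, the risk-driven selection of test cases and the TSRR and transition coverage measures described in the preceding paragraphs, worked through on a small EFSM. This is an added illustration written for this edit, not the paper's implementation: the login model, the STRIDE letters attached to each state, the probability and impact values, the threshold of 2.5, the path-length bound used to enumerate the original suite, the greedy cover rule for selecting test paths and the TSRR formula are all assumptions made here.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}


@dataclass(frozen=True)          # frozen so transitions are hashable (used in sets)
class Transition:
    src: str
    event: str
    guard: str                   # guard over context variables, kept as text
    dst: str


@dataclass
class EFSM:
    initial: str
    transitions: list

    def outgoing(self, state):
        return [t for t in self.transitions if t.src == state]


# Constructed model (assumption): a login/session service with lockout after 3 failures.
MODEL = EFSM("Idle", [
    Transition("Idle", "login", "True", "Authenticating"),
    Transition("Authenticating", "auth_ok", "creds_valid", "Session"),
    Transition("Authenticating", "auth_fail", "not creds_valid and attempts < 3", "Idle"),
    Transition("Authenticating", "auth_fail", "not creds_valid and attempts >= 3", "Locked"),
    Transition("Session", "view_profile", "True", "Session"),
    Transition("Session", "change_role", "is_admin", "Session"),
    Transition("Session", "logout", "True", "Idle"),
    Transition("Locked", "unlock_timeout", "True", "Idle"),
])

# Constructed threat-modeling output per state (assumption): STRIDE letters from a
# software-centric walk of the model, risk probability in [0, 1], impact in 1..10.
STATE_RISK = {
    "Idle":           {"stride": "D",  "p": 0.2, "impact": 2},
    "Authenticating": {"stride": "SE", "p": 0.7, "impact": 9},
    "Session":        {"stride": "TI", "p": 0.5, "impact": 8},
    "Locked":         {"stride": "D",  "p": 0.3, "impact": 3},
}
THRESHOLD = 2.5   # assumed risk threshold: risk above this value must be tested


def risk(state):
    """Risk value of a state = risk probability x risk impact."""
    m = STATE_RISK[state]
    return m["p"] * m["impact"]


def vulnerable_states(threshold=THRESHOLD):
    """States whose risk value exceeds the threshold, mapped to their STRIDE threats."""
    return {s: [STRIDE[c] for c in STATE_RISK[s]["stride"]]
            for s in STATE_RISK if risk(s) > threshold}


def all_paths(model, max_len=4):
    """Every event path from the initial state with up to max_len transitions;
    each path is one abstract test case of the unreduced suite."""
    paths = []

    def walk(state, path):
        if path:
            paths.append(tuple(path))
        if len(path) == max_len:
            return
        for t in model.outgoing(state):
            walk(t.dst, path + [t])

    walk(model.initial, [])
    return paths


def risky_transitions(model, threshold=THRESHOLD):
    """Transitions that enter or leave a vulnerable state."""
    vs = vulnerable_states(threshold)
    return {t for t in model.transitions if t.src in vs or t.dst in vs}


def reduce_suite(model, suite, threshold=THRESHOLD):
    """Greedy set cover: keep the fewest paths that together exercise every risky
    transition, so the vulnerable states are tested by a much smaller suite."""
    uncovered = risky_transitions(model, threshold)
    selected = []
    while uncovered:
        best = max(suite, key=lambda p: len(uncovered & set(p)))
        gain = uncovered & set(best)
        if not gain:
            break               # remaining risky transitions unreachable within max_len
        selected.append(best)
        uncovered -= gain
    return selected


def tsrr(original, reduced):
    """Test Suite Reduction Rate in percent (assumed definition: removed / original)."""
    return 100.0 * (len(original) - len(reduced)) / len(original)


def transition_coverage(model, suite):
    """Percentage of the model's transitions exercised by the suite."""
    covered = {t for p in suite for t in p}
    return 100.0 * len(covered) / len(model.transitions)


if __name__ == "__main__":
    suite = all_paths(MODEL)
    reduced = reduce_suite(MODEL, suite)
    for s, threats in vulnerable_states().items():
        print(f"{s}: risk {risk(s):.1f} ({', '.join(threats)})")
    print(f"suite {len(suite)} -> {len(reduced)} paths, TSRR {tsrr(suite, reduced):.1f}%, "
          f"transition coverage {transition_coverage(MODEL, reduced):.1f}%")
    for p in reduced:
        print("  " + " -> ".join(t.event for t in p))
```

On this model only Authenticating (0.7 x 9 = 6.3) and Session (0.5 x 8 = 4.0) exceed the threshold, so the selection keeps three of the twenty enumerated paths while still exercising every transition into or out of those states; the one transition left uncovered (Locked to Idle) touches no vulnerable state, which is exactly the trade-off the TSRR and transition coverage figures are meant to expose.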
Finally, security testing based on risk analysis using the STRIDE approach is proposed to reduce the test suite size and to test the most vulnerable states in a system by means of risk metrics. The approach is also evaluated using TSRR and transition coverage. This paper is organized as follows: section 2 discusses related work, section 3 describes the proposed work and its implementation, section 4 analyses the results together with the system description, and section 5 concludes the paper, followed by references.