Workshop STV’12

 

STV’12: System Testing and Validation Workshop

Model-Based Software Security Testing

Wednesday, October 24, 2012

 

Software security testing is an area which has for decades been the focus of many research efforts. Yet, due to new challenges resulting from new development processes, such as SCRUM used in agile development and new aspects of large scale system integration, the need for efficient testing has been seeing much present research. That is why this workshop will bring together researchers and practitioners in software security testing. The goal of the workshop is to provide a forum for presenting and discussing work in progress, or ideas for future research in response to future trends.

Workshop Program

9:00 – 10:30 Session W1: Concepts

  • Model-based Testing – From Safety to Security. Josip Bozic, Franz Wotawa - Technische Universität Graz (A)
  • Conceptual Framework for Security Testing, Security Risk Analysis and Their Combinations. Yan Li – SINTEF (N)
  • Online Network Traffic Security Inspection Using MMT Tool. Wissam Mallouli, Bachar Wehbi, Edgardo Montes de Oca – Montimage (F), Michel Bourdellès, Denis Rocher, Arnaud Baloche - THALES Communications (F)

11:00 – 12:30 Session W2: Fuzzing approaches

  • The Network Hoover: Visual Proxy Based Fuzzing. Christian Wieser, Henri Timonen, Juha Röning – OUSPG (Fi)
  • Model based Behavioural Fuzzing. Martin Schneider – Fraunhofer FOKUS (D)
  • Setting trust evaluations with fuzzy logic in MOE. Khalifa Toumi - TELECOM SudParis(F), César Andrésy - Universidad Complutense de Madrid (E), Ana Cavalli - TELECOMSudParis (F)

– lunch break –

14:00 – 15:30 Session W3: Tools

  • ASA: An advisory system for securing software architecture. Wihem Arsac, Cédric Hébert, Elton Mathias, Gilles Montagnon and Jakub Sendor - SAP (F)
  • A Traceability Tool as an Integration Platform for Security Related Applications. Michael Berger – Fraunhofer FOKUS (D)
  • Experiment on Using Model-Based Testing for Automatic Tests Generation on a Software Radio Protocol. Shuai Li, Michel Bourdellès, Alexandre Acebedo – THALES Communications (F), Julien Botella, Fabien Peureux - Smartesting R&D Center (F)

16:00 – 17:00 Session W4: New methods

  • Improving Protocol Validation by an IOSTS-based Passive Testing approach. PramilaMouttappa, Stephane Maag and Ana Cavalli - TELECOM SudParis (F)
  • A Novel SOA Security Model. Meryem Kassou, Laila Kjiri - Université Mohamed VSouissi (Ma)

 

The System Testing and Validation Workshop is a series of events initiated in the year 2002 that seeks to provide answers to the open issues related to validation and testing. Terms such as ubiquitous, pervasive, security, or autonomic computing, products under the general umbrella of smart devices or the use of large wireless sensors networks indicate a clear trend in the increase of application complexity and dependency. As a consequence inputs from research contributions and experience from industry have been required and collected in order to enable innovative, and often more rigorous, validation and testing approaches. Further details and proceedings from STV workshops are available via http://s.fhg.de/stv.