Model-based security testing: A taxonomy and systematic classification

Michael Felderer, Philipp Zech, Ruth Breu, Matthias Büchler, Alexander Pretschner

Research output: Contribution to journal, Article, peer-review

73 Scopus citations

Abstract

Model-based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model-based security testing approaches. It comprises filter criteria (i.e. model of system security, security model of the environment and explicit test selection criteria) as well as evidence criteria (i.e. maturity of evaluated system, evidence measures and evidence level). The taxonomy is based on a comprehensive analysis of existing classification schemes for model-based testing and security testing. To demonstrate its adequacy, 119 publications on model-based security testing are systematically extracted from the five most relevant digital libraries by three researchers and classified according to the defined filter and evidence criteria. On the basis of the classified publications, the article provides an overview of the state of the art in model-based security testing and discusses promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model-based security testing.

Original language: English
Pages (from-to): 119-148
Number of pages: 30
Journal: Software Testing Verification and Reliability
Volume: 26
Issue number: 2
DOIs
State: Published - 1 Mar 2016

Keywords

  • classification
  • model-based security testing
  • model-based testing
  • security testing
  • taxonomy
