Abstract
Model-based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model-based security testing approaches. It comprises filter criteria (i.e. model of system security, security model of the environment and explicit test selection criteria) as well as evidence criteria (i.e. maturity of evaluated system, evidence measures and evidence level). The taxonomy is based on a comprehensive analysis of existing classification schemes for model-based testing and security testing. To demonstrate its adequacy, 119 publications on model-based security testing are systematically extracted from the five most relevant digital libraries by three researchers and classified according to the defined filter and evidence criteria. On the basis of the classified publications, the article provides an overview of the state of the art in model-based security testing and discusses promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model-based security testing.
| Field | Value |
|---|---|
| Original language | English |
| Pages (from-to) | 119-148 |
| Number of pages | 30 |
| Journal | Software Testing Verification and Reliability |
| Volume | 26 |
| Issue number | 2 |
| DOIs | |
| State | Published - 1 Mar 2016 |
Keywords
- classification
- model-based security testing
- model-based testing
- security testing
- taxonomy