• No results found

Test Management Tool for Risk-based Security Testing

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Test Management Tool for Risk-based Security Testing"

Copied!
28
0
0

Loading.... (view fulltext now)

Download now ( 28 Page )

Full text

(1)

Michael Berger (Fraunhofer FOKUS)

[email protected]

(2)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

Conclusion

(3)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(4)

Introduction of Traceability – Requirement Traceability

• Requirement Traceability

I. What is requirements traceability?

• A requirement may be traced in one of four distinct ways, according to Karl Weigers in his book Software Requirements

• “Customer needs are traced forward to requirements, so that you can tell which requirements will be affected if those needs change.

• Specific product elements [may be traced] backward to requirements so that you know why each item was created.”

• Conversely, you can trace backward from requirements to customer needs to identify the origin of each software requirement.

(5)

Introduction of Traceability – Requirement Traceability

• Requirement Traceability

II. Why is requirements traceability important?

• It ensures that final deliverables directly tie to initial business needs.

• Done properly, it ensures that organizations do not waste time and resources repeating research.

• It complies with established industry standards. • If offers much easier impact analysis

(6)

Introduction of Traceability – Traceability in Safety

• Traceability in Safety

• For example, IEC 61508 recommends the usage of fault tree analysis, data flow diagrams, simulations, configuration management and structured programming.

• Most of the standards mandate traceability either as requirements that a system shall fulfil, or as a technique that shall be used while developing the system.

• Traceability is a mechanism for relating artefacts, and is vital for ensuring the completeness of the specification and for the system itself.

(7)

Introduction of Traceability – Definition

• Traceability defines relationships between different models.

Such a relationship consists of at least a tuple of model elements and is called trace. The simplest kind is untyped tracing. A trace may be created between every kind of

element in arbitrary models. It allows easily navigating between models and model elements.

A more reasonable kind of tracing is typed tracing. That requires the definition of a trace metamodel to restrict the traces to specific element types.

The typed tracing requires a defined trace metamodel. In trace metamodel the traces with related element types are specified.

• Services and analytic tools can get required information of the modelled parts and artefacts belonging the trace metamodel

(8)

Security Test Management Tool

(9)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(10)

• The user has to define traces while developing model with a single tool.

• The traceability management has to offer tracepoint creation, editing and navigation. • A special trace metamodel restrict the trace creation.

• The user can use supported services with this tool. • The user can define new services for the model.

• If the user prefer another editor tool he has the chance to add this editor tool to the test managing tool.

(11)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(12)

Abstract Domain Model Concept

• Each model is related to a

certain model domain. We are currently supporting four

domains:

Risk Domain (CORAS)System Domain

(UML, SysML)

Requirement Domain

(ReqIF)

Test Domain (TTCN3)

• Each model domain is an abstraction of all different model kinds of this domain. To

support another model kind, a mapping to the domain model is necessary.

Risk Domain System Domain Requirement Domain Test Domain

(13)

Abstract Domain Model Concept

• Each model is related to a

certain model domain. We are currently supporting four

domains:

Risk Domain (CORAS)System Domain (UML, SysML) • Requirement Domain (ReqIF) • Test Domain (TTCN3) Risk Domain

• Each model domain is an abstraction of all different model kinds of this domain. To

support another model kind, a mapping to the domain model is necessary.

System Domain Requirement Domain Test Domain Service Point

(14)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(15)

Test Managing Tool in Overview

T raceability Platform Services Domain Platform

Domain Query Interpreter

Trace Storage Domain Metamodel Trace Metamodel Coverage Analyzing Service Trace Query Interpreter Model Query Dispatcher Trace Management Domain Tool Metamodel Mapper Likelihood Analyzing Service … Tool Metamodel Mapper

(16)

Test Managing Tool in Overview – Trace Management

Trace Point Viewer

Trace Editor Trace Menu

(17)

Trace Meta-Model in Context of Risk-based Security Testing

impacts tests realizes Vulnerability Treatment Risk Domain Threat Scenario / Unwanted Incident Model System Domain System Component Requirement Domain Security Test Requirement Security Functional Requirement TestCase Test Domain
(18)

Distributed Query Handling

Trace Query Interpreter Query Dispatcher Domain Query Interpreter A QUERY Service SUBQUERY Domain Query Interpreter B ANSWER SUBQUERY ANSWER SUBQUERY ANSWER
(19)

Test Managing Tool in Overview – Domain Layer

Domain Level

Tool Level

Mapping Query Request Service
(20)

Test Managing Tool in Overview

T raceability Platform Services Domain Platform

Domain Query Interpreter

Trace Storage Domain Metamodel Trace Metamodel Coverage Analyzing Service Trace Query Interpreter Model Query Dispatcher Trace Management Domain Metamodel Likelihood Analyzing Service … Metamodel

(21)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(22)

To specify a new service you have to define queries on domain

metamodel

To integrate a new editor tool you have to select the belonging

domain and

To specify the way to create a tracepoint for the selected element

To define a mapping between editor tool metamodel and domain

metamodel

(23)

Model Relation Example between System Domain and UML

Domain Level

Tool Level

Mapping Query Request Registry Factory mapElement createDomainElement getDomainElement
(24)

Model Relation Example between System Domain and UML

Domain Level

Tool Level

Mapping Query Request Domain Element refElement 1 Tool Element
(25)

Model Relation Example between System Domain and UML

System Domain

UML

1

1 refElement

(26)

Outline

Introduction to traceability

Test Management Tool requirement and concept

Tool requirement

Domain concept

Tool realization

Tool layers and components

Configuration requirements

(27)

Conclusion

Supporting of traceability by flexible defining of trace relations

Services can also be used in the same way while developing to define

test cases

New tools can be added by providing a domain and corresponding

tool metamodel

(28)

Thank you for your attention!

Any questions?

References

Download now ( PDF - 28 Page - 403.79 KB )

Related documents

BREAKING DOWN BARRIERS

D espite the efforts of tribunal chairs and members to ensure that tribunals are jargon-free and accessible to users from all backgrounds, there remains a group of people

Modeling of Morphou (Güzelyurt) Flood and Remedial Measures 1

When water level reaches 94 m elevation at Zodia Creek reservoir, water starts to flow from Zodia Creek Detention Basin to Potami Creek by means of the diversion channel..

SALARY SURVEY NACE SEPTEMBER 2013 EXECUTIVE SUMMARY. Featuring:

Graduates earning degrees in the math and science disciplines saw the least movement in their average starting salary in this report. The overall average salary for the group

Guideline of the National Institute of Pharmacy on the right choice of names for medicinal products for human use

- Use of a different name may be allowed if the MAH is not identical in all the member states AND the MAH in one or more member states is not eligible

Running the Health Care Marathon: An Ethnography of a Charitable Clinic in a Rural Appalachian Community

Today, throughout Appalachia and the United States, community based free clinics serve as healthcare safety nets providing limited health care services to individuals who fall in

Mind the Gap! Consumer Perceptions and Choices

Enrollment and enrollment timing The expected payoff of enrolling in a Part D stand-alone plan consists of two components, the expected current value CV defined as expected

Domestic Violence Education - An Empirical Research Program

This protocol titled “Retrospective Investigation of Course Content Evaluation by Students: A Survey of Domestic Violence Education and Experience among Current UNLV-SDM

Australia’s Strategic Priorities: Challenges for a New Government

This ARI deals with the key decisions to be adopted by the new Australian Labor Government regarding the orderly withdrawal of Australian ground forces from Iraq in 2008,