Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

TL;DR

This paper presents an approach that automates security testing for IIoT applications by integrating threat modeling with automated test case generation, addressing the increasing security challenges in interconnected industrial systems.

Contribution

It introduces a novel method that links threat modeling directly to automated test case generation, enhancing systematic security testing in industrial IoT environments.

Findings

Automated test case generation effectively covers identified threats.

The approach improves testing efficiency and comprehensiveness.

It facilitates early detection of security vulnerabilities.

Abstract

Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of newthreats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.