An Advanced Approach for Choosing Security Patterns and Checking their Implementation
Sébastien Salva, Loukmen Regainia

TL;DR
This paper presents a comprehensive approach guiding developers from threat modeling to testing, using security patterns and attack defense trees to generate test cases and verify security implementations in applications.
Contribution
It introduces a novel method integrating attack defense trees, security patterns, and formal verification to improve security testing and implementation validation.
Findings
Effective in identifying vulnerabilities in web applications
Automates test case generation based on attack defense trees
Verifies security pattern properties in application traces
Abstract
This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at guiding developers towards the implementation of secure applications, from the threat modelling stage up to the testing one. This approach relies on a knowledge base integrating varied security data, e.g., attacks, attack steps, and security patterns that are generic and re-usable solutions to design secure applications. The first stage of the approach consists in assisting developers in the design of Attack Defense Trees expressing the attacker possibilities to compromise an application and the defenses that may be implemented. These defenses are given under the form of security pattern combinations. In the second stage, these trees are used to guide…
Taxonomy
Topics: Software Testing and Debugging Techniques · Information and Cyber Security · Advanced Malware Detection Techniques
