MCP: A security testing tool driven by requirements

Phu X. Mai, Fabrizio Pastore, Arda Goknil, Lionel C. Briand

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We present MCP, a tool for automatically generating executable security test cases from misuse case specifications in natural language (i.e., use case specifications capturing the behavior of malicious users). MCP relies on Natural Language Processing (NLP), a restricted form of misuse case specifications, and a test driver API implementing basic utility functions for security testing. NLP is used to identify the activities performed by the malicious user and the control flow of misuse case specifications. MCP matches the malicious user's activities to the methods of the provided test driver API in order to generate executable security test cases that perform the activities described in the misuse case specifications. MCP has been successfully evaluated on an industrial case study.

Original language: English
Title of host publication: Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering
Subtitle of host publication: Companion, ICSE-Companion 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 55-58
Number of pages: 4
ISBN (Electronic): 9781728117645
Publication status: Published - May 2019
Externally published: Yes
Event: 41st IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2019 - Montreal, Canada
Duration: 25 May 2019 to 31 May 2019

Publication series

Name: Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion, ICSE-Companion 2019

Conference

Conference: 41st IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2019
Country/Territory: Canada
City: Montreal
Period: 25/05/19 to 31/05/19

Keywords

  • Natural Language Processing
  • Natural Language Requirements
  • System Security Testing
