CSI Pune Lecture: Security Testing Using Models January 16, 2009

Speaker: Padmanabhan Krishnan, Professor at the Centre for Software Assurance, School of IT, Bond University, Australia. He also holds a research associate position at the United Nations University, International Institute for Software Technology. He got his BTech from IIT-Kanpur and MS and PhD from the University of Michigan, Ann Arbor. His interests are in model based testing, verification techniques and practical formal methods for software assurance. He has held positions in the USA, Denmark, New Zealand, Germany and Australia.

Abstract: In this, we present a framework based on model based testing for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model based approaches which remove implementation details are by themselves inadequate for testing security vulnerabilities. We demonstrate a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing.

Our framework has three sub-models: a model or specification of the key aspects of the application, a model about the relevant aspects of the implementation and a model of the attacker. These three models are them combined to generate test cases. The same approach can also be used to test if a system meets a privacy policy.

Who Should Attend: Professionals interested in Test Automation and students.

Registration : Free for CSI and ISACA members, Rs. 50 for Persistent
employees and students, Rs. 100 for others. To register click
www.csi-pune.org

Official Website: http://csi-pune.org