Software security issues have been a major concern
to the cyber space community. While the importance
of trustworthy software systems has been well
recognized and tremendous effort has been devoted
to enhancing cyber security, companies have still
suffered from various cyber crimes. One way to
improve software security is to develop secure
software and to conduct rigorous security testing
against it. While all activities in the software
development life cycle should be carefully performed
to build secure software, design-level vulnerabilities
are the hardest defects to handle, so secure design
is critical to the success of secure software development.
However, secure design does not necessarily guarantee
secure implementation because security policies and
mechanisms may not be implemented correctly for
various reasons. Therefore, there is a crucial need
for verifying whether or not the implementation of
a secure application conforms to its secure design.
There are several challenges involved in meeting
these needs: (1) generating automated tests from
secure design; (2) generating executable test code;
and (3) developing the testbed to support controlled
experiments with security testing.
This project addresses these challenges.
Graduate Researcher: Aaron Marback
Undergraduate Researchers:Nathan Ehresmann, Kevin Lee, and Cesar Ramirez