Security Testing

Project Description

Software security issues have been a major concern to the cyberspace community. While the importance of trustworthy software systems is well recognized and tremendous effort has been devoted to enhancing cyber security, companies still suffer from various cyber crimes. One way to improve software security is to develop secure software and to conduct rigorous security testing against it. While all activities in the software development life cycle should be carefully performed to build secure software, design-level vulnerabilities are the hardest defects to handle, so secure design is critical to the success of secure software development. However, a secure design does not guarantee a secure implementation, because security policies and mechanisms may not be implemented correctly for various reasons. Therefore, there is a crucial need to verify whether the implementation of a secure application conforms to its secure design. There are several challenges involved in meeting this need: (1) generating automated tests from secure design; (2) generating executable test code; and (3) developing the testbed to support controlled experiments with security testing. This project addresses these challenges.
  • PI: Hyunsook Do
  • Graduate Researcher: Aaron Marback
  • Undergraduate Researchers: Nathan Ehresmann, Kevin Lee, and Cesar Ramirez

    Project Wiki Page