Hironori Washizaki, “TESEM: A Tool for Verifying Security Design Pattern Applications,” Invited Talk, 3rd International Workshop on Software Test Architecture (InSTA 2016, ICST 2016 Workshop), 10 April 2016, Chicago, U.S.A.
Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process is often insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure design and implementation, we propose extended security patterns, which include requirement- and design-level patterns as well as a new model testing and model-based code testing process. Our approach is implemented in a tool called TESEM, Test Driven Secure Modeling Tool, which supports pattern applications by creating a script to execute model testing automatically (ARES’13, IJSSE’14, ICST’15). Moreover we recently extended the tool to support testing of security design patterns implementation by preparing testcase templates (ARES’14). By using the tool, developers can specify threats and vulnerabilities in the target design and implementation according to security design patterns, verify whether the security patterns are properly applied, and assesses whether these vulnerabilities are resolved.