By Topic

Modeling and Testing Secure Web-Based Systems: Application to an Industrial Case Study

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Mallouli, W. ; CNRS, Inst. Telecom / Telecom SudParis, France ; Lallali, M. ; Morales, G. ; Cavalli, A.R.

Ensuring that a Web-based system respects its security requirements is a critical issue that has become more and more difficult to perform in these last years. This difficulty is due to the complexity level of such systems as well as their variety and increasing distribution. To guarantee such a respect, we need to test the target Web system by applying a complete set of test cases covering all the possible scenarios. To reach this aim, we first specify the Web system behavior from its functional point of view using IF language. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security properties specified in Nomad language. This language is well adapted to express security properties with time constraints. Then, we use a dedicated tool called TestGen-IF, to perform an automatic test generation of test cases targeting security purposes. These test sequences are transformed in executable test cases that can be applied on a real Web application. We present in this paper an industrial Web-based system provided by France Telecom as a case study to demonstrate the reliability of our framework.

Published in:

Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on

Date of Conference:

Nov. 30 2008-Dec. 3 2008