This paper presents an attack scenario based approach for software security testing at design stage. Attack scenarios are represented as Extended Activity Diagram (EAD) and New Unified Threat Model (NUTM). Security test cases are derived from attack scenarios automatically according to coverage criteria of complex attack path. These test cases are applied to test the security of system. According to test case results, the system can be improved by mitigations. In addition, attack pattern and security pattern are provided for developers to characterize and reuse well-studied attacks and mitigations in a quick and correct way. We illustrate our approach with an example of online banking system. The example shows that our attack scenario based approach can help developers to test the system's response to potential attacks and then improve system design to satisfy necessary security requirements at early design stage.

• 出版日期2008
• 单位天津大学