Tina Volkersdorfer und Professor Hans-Joachim Hof, beide aus der Forschungsgruppe „Security in Mobility“ im CARISSMA Institute of Electric, Connected, and Secure Mobility, stellen auf der The Fourteenth International Conference on Emerging Security Information, Systems and Technology (SECURWARE 2020) in Valencia, Spanien die ersten Projektergebnisse aus dem Forschungsprojekt „MASSiF – Modellbasierte Absicherung von Security und Safety für umfeldbasierte Fahrzeugfunktionen“ vor. Das Paper trägt den Titel „A Concept of an Attack Model for a Model-Based Security Testing Framework“. (Links: Folien Vortrag, Video Vortrag, Paper).
In this paper, we present a framework for model-based security testing. The primary advantage of our framework will be the automation of manual security reviews as well as automation of security tests like penetration testing. The framework can be used to decide on single steps for the test procedure. This paper focuses on the concept of the framework, describing the necessary components and their use. Our framework can simulate the behaviour of an adversary that executes multiple attacks to reach his primary goal. Using our approach, it is possible to continuously and consistently address security in software development, even in the early phases of software engineering when no running code is available. Due to the consistency, some of the necessary tests can be executed with less effort. This makes security tests more efficient. Our preliminary evaluation shows that it is possible to use our attack model in a wide range of domains and that there is potential reuse of modelled elements.