Tina Volkersdorfer and Professor Hans-Joachim Hof, both from the research group "Security in Mobility" at the CARISSMA Institute of Electric, Connected, and Secure Mobility, present the first results from the research project "MASSiF – Model-Based Security and Safety for environmental-based vehicle functions" at The Fourteenth International Conf pain. The paper is titled "A Concept of an Attack Model for a Model-Based Security Testing Framework".
In this paper, we present a framework for model-based security testing. The primary advantage of our framework will be the automation of manual security reviews as well as automation of security tests like penetration testing. The framework can be used to decide on single steps for the test procedure. This paper focuses on the concept of the framework, describing the necessary components and their use. Our framework can simulate the behavior of an adversary that executes multiple attacks to reach his primary goal. Using our approach, it is possible to continuously and consistently address security in software development, even in the early phases of software engineering when no running code is available. Due to the consistency, some of the necessary tests can be executed with less effort. This makes security tests more efficient. Our preliminary evaluation shows that it is possible to use our attack model in a wide range of domains and that there is potential reuse of modelled elements.