Cybersecurity Vulnerability Identification in System-of-Systems using Model-based Testing

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 55
  • Download : 0
When operationally and managerially independent constituent systems are integrated to form a System of Systems (SoS), cybersecurity vulnerabilities can be exploited by cyber threats that can break the security requirements of SoS due to its collaborative nature. Using model-based testing to generate test cases automatically can potentially aid in discovering vulnerabilities. However, security test case generation is time-consuming, error-prone, and labor-intensive; therefore, it is desirable to fully or partially automate security testing processes. This paper proposes the automatic test data generation using formal models presented as communicating sequential processes. We use the model-checking technique that generates counterexamples when the specified security properties are violated. Our approach then converted those counterexamples into executable test data by applying the conversion rule and defined mapping algorithm. We demonstrate our approach with an experiment using an operation of an air traffic control (ATC) system, a representative of SoS. We developed an agent simulation program to test the operation of the ATC by using the generated test data and evaluating it in terms of vulnerability identification. We incorporated four attack types, and our experimental results show that the security tests generated from the models can identify the known vulnerabilities in the ATC system.
Publisher
Institute of Electrical and Electronics Engineers Inc.
Issue Date
2022-06-09
Language
English
Citation

2022 17th Annual System of Systems Engineering Conference (SOSE), pp.317 - 322

DOI
10.1109/SOSE55472.2022.9812676
URI
http://hdl.handle.net/10203/299410
Appears in Collection
CS-Conference Papers(학술회의논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0