MCP: A Security Testing Tool Driven by Requirements (ICSE 2019 - Demonstrations) - International Conference on Software Engineering 2019 in Montreal, Canada

Blogs (1) >>

Sat 25 - Fri 31 May 2019 Montreal, QC, Canada

Who

Phu X. Mai, Fabrizio Pastore, Arda Goknil, Lionel Briand

Track

ICSE 2019 Demonstrations

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 30 May 2019 11:00 - 11:20 at Van-Horne - Requirements Chair(s): Liliana Pasquale

Abstract

We present MCP, a tool for automatically generating executable security test cases from misuse case specifications in natural language (i.e., use case specifications capturing the behavior of malicious users). MCP relies on Natural Language Processing (NLP), a restricted form of misuse case specifications, and a test driver API implementing basic utility functions for security testing. NLP is used to identify the activities performed by the malicious user and the control flow of misuse case specifications. MCP matches the malicious user’s activities to the methods of the provided test driver API in order to generate executable security test cases that perform the activities described in the misuse case specifications. MCP has been successfully evaluated on an industrial case study. Demo video: https://youtu.be/Ys5ESAMFH-Q.

Phu X. Mai

University of Luxembourg

Luxembourg

Fabrizio Pastore

University of Luxembourg

Arda Goknil

University of Luxembourg

Lionel Briand

SnT Centre/University of Luxembourg

Luxembourg

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 30 May
Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30	RequirementsDemonstrations / Papers / New Ideas and Emerging Results / Technical Track / Journal-First Papers at Van-Horne Chair(s): Liliana Pasquale University College Dublin & Lero, Ireland

11:00 20m Talk		MCP: A Security Testing Tool Driven by RequirementsDemos Demonstrations Phu X. Mai University of Luxembourg, Fabrizio Pastore University of Luxembourg, Arda Goknil University of Luxembourg, Lionel Briand SnT Centre/University of Luxembourg
11:20 20m Talk		RM2PT: A Tool for Automated Prototype Generation from Requirements ModelDemos Demonstrations Yilong Yang University of Macau, Xiaoshan Li Faculty of Science and Technology, Univesity of Macau, Zhiming Liu Southwest University, Wei Ke Macao Polytechnic Institute
11:40 20m Talk		Supporting Analysts by Dynamic Extraction and Classification of Requirements-Related KnowledgeTechnical Track Technical Track Zahra Shakeri University of Calgary, Vincenzo Gervasi University of Pisa, Didar Zowghi University of Technology, Sydney, Behrouz Far University of Calgary
12:00 10m Talk		An Active Learning Approach for Improving the Accuracy of Automated Domain Model ExtractionJournal-First Journal-First Papers Chetan Arora SES Networks and University of Luxembourg, Mehrdad Sabetzadeh SnT Centre / University of Luxembourg, Shiva Nejati SnT Centre/University of Luxembourg, Lionel Briand SnT Centre/University of Luxembourg
12:10 10m Talk		Requirements Engineering as Science in the SmallNIER New Ideas and Emerging Results Munindar P. Singh North Carolina State University, Amit Chopra Lancaster University, UK
12:20 10m Talk		Discussion Period Papers