Towards Architectural Pen Test Case Generation and Attack Surface Analysis to Support Secure Design
Abstract:
In today’s interconnected world, software systems
have become indispensable components of complex frameworks,
such as cyber-physical systems, e-commerce platforms, and
healthcare information systems. This widespread integration
highlights the importance of security more than ever, as these
systems often function in critical environments where vulnerabilities
can lead to significant destructive consequences. Penetration
testing is a key method for identifying vulnerabilities
but is often conducted after deployment, making remediation
costly and time-consuming. On the other hand, back to the
early phases of the Software Development Life Cycle (SDLC),
software architects often lack the security expertise and feedback
mechanisms needed to make informed design decisions, leading
to vulnerabilities that remain undetected until later stages. In this
paper, to address these challenges, we propose a research plan
to integrate security considerations into the design phase. Our
approach involves generating architecture-based penetration test
cases, evaluating the attack surface of alternative architectures
by using the generated test cases, and supporting software
... mehr
have become indispensable components of complex frameworks,
such as cyber-physical systems, e-commerce platforms, and
healthcare information systems. This widespread integration
highlights the importance of security more than ever, as these
systems often function in critical environments where vulnerabilities
can lead to significant destructive consequences. Penetration
testing is a key method for identifying vulnerabilities
but is often conducted after deployment, making remediation
costly and time-consuming. On the other hand, back to the
early phases of the Software Development Life Cycle (SDLC),
software architects often lack the security expertise and feedback
mechanisms needed to make informed design decisions, leading
to vulnerabilities that remain undetected until later stages. In this
paper, to address these challenges, we propose a research plan
to integrate security considerations into the design phase. Our
approach involves generating architecture-based penetration test
cases, evaluating the attack surface of alternative architectures
by using the generated test cases, and supporting software
... mehr
| Zugehörige Institution(en) am KIT | Institut für Informationssicherheit und Verlässlichkeit (KASTEL) |
| Publikationstyp | Forschungsbericht/Preprint |
| Publikationsdatum | 20.01.2025 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000178592 |
| HGF-Programm | 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems |
| Weitere HGF-Programme | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Verlag | Karlsruher Institut für Technologie (KIT) |
| Umfang | 6 S. |
| Schlagwörter | security by design, penetration testing, attack, surface analysis, architectural decision support, autonomous, vehicle systems |
