NIST logo
*
Bookmark and Share

Model Driven Security Functional Testing

Summary:

Model-Driven Engineering (MDE) is emerging as a promising approach that uses models to support various phases of system development lifecycle such as Code Generation and Verification/Validation (V &V). In this project, we develop model-driven methodologies for development of tests for testing the security functions of a product to make the security testing more cost efficient as well as effective in terms of providing the requisite assurance.

Description:

What is the Problem:
Security functional testing on many mission-critical products is often expensive and does not provide the end-user of those products with the needed assurance since developer-based tests are proprietary.

Why is NIST Involved:
To facilitate the widespread use of secure products by the government and industry, it is necessary that the mechanism used for obtaining that security assurance – i.e., security evaluation and security functional testing be based on a public domain methodology with requisite properties such as path coverage etc.

Project Goal:
The goal of this project is to define, specify and develop efficient and effective methodologies for security functional testing of products based on models of security function behavior.

Major Accomplishments:

Apart from publishing Conference and Journal papers that describe the model-driven security functional testing and developing proof of concept implementations, NIST applied the methodology to develop a suite of Smart Card Interface Conformance Tests (for conformance to FIPS 201 and SP 800-73 specifications) for the NIST Personal Identity Verification Program (http://csrc.nist.gov/groups/SNS/piv/npivp/index.html)

End Date:

ongoing

Lead Organizational Unit:

ITL

Staff:

 Dr. Ramaswamy Chandramouli (Mouli)
301-975-5013
mouli@nist.gov

Related Programs and Projects:

For more information regarding the Model Driven Security Functional Testing, please visit the Computer Security Resource Center (CSRC).

Contact

Ramaswamy Chandramouli
(301) 975-5013
ramaswamy.chandramouli@nist.gov

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930