NIST logo
Bookmark and Share

Model Driven Security Functional Testing


Model-Driven Engineering (MDE) is emerging as a promising approach that uses models to support various phases of system development lifecycle such as Code Generation and Verification/Validation (V &V). In this project, we develop model-driven methodologies for development of tests for testing the security functions of a product to make the security testing more cost efficient as well as effective in terms of providing the requisite assurance.


What is the Problem:
Security functional testing on many mission-critical products is often expensive and does not provide the end-user of those products with the needed assurance since developer-based tests are proprietary.

Why is NIST Involved:
To facilitate the widespread use of secure products by the government and industry, it is necessary that the mechanism used for obtaining that security assurance – i.e., security evaluation and security functional testing be based on a public domain methodology with requisite properties such as path coverage etc.

Project Goal:
The goal of this project is to define, specify and develop efficient and effective methodologies for security functional testing of products based on models of security function behavior.

Major Accomplishments:

Apart from publishing Conference and Journal papers that describe the model-driven security functional testing and developing proof of concept implementations, NIST applied the methodology to develop a suite of Smart Card Interface Conformance Tests (for conformance to FIPS 201 and SP 800-73 specifications) for the NIST Personal Identity Verification Program (

End Date:


Lead Organizational Unit:



 Dr. Ramaswamy Chandramouli (Mouli)

Related Programs and Projects:

For more information regarding the Model Driven Security Functional Testing, please visit the Computer Security Resource Center (CSRC).


Ramaswamy Chandramouli
(301) 975-5013

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930