21/09/2015

Combinatorial Security Testing: Combinatorial Testing Meets Information Security

Speaker: Dimitris Simos

Abstract: In recent years, a number of combinatorial strategies have been devised to help testers choose subsets of input combinations that maximize the probability of detecting faults, with combinatorial testing being the most prominent one. Combinatorial testing has been successfully applied to testing (critical) software systems in large organizations and is an already proven method for security testing of large-scale software systems. In this talk we review recent advances in web application security testing and testing of operating systems, and explore the applicability of combinatorial testing to promising new application domains of information security. In particular, as part of the newly spawned combinatorial security testing project between SBA Research and the NIST ACTS project team, we address how combinatorial testing can be applied to (1) ensure proper error handling of security protocols and (2) provide theoretical guarantees for triggering FPGA cryptographic Trojans. Besides providing the details of the combinatorial models, we also touch on the technical challenges that need to be solved in the foundations of combinatorial testing. The talk concludes with some open research problems and directions for future research.

Dimitris Simos is invited to the National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA during 21-22 September, 2015. The purpose of the visit is two-fold: he will present recent advances in combinatorial security testing to the Applied and Computational Mathematics Division seminar series and discuss common research interests with the ACTS/NIST project team.