TestGen

Tool Details

Tool Name: TestGen
Tool Title Phrase: TestGen, an active testing tool that generates test cases based on a functional specification of the software under analysis and on security rules derived from SHIELDS models.
Current Version: 0.1
Description: The TestGen tool aims to automatically generate test scenarios from a formal description of the system under study. Generation is driven by specific objectives called test purposes. Originally, TestGen was conceived to test the functional behaviour of communicating systems (treated as a black box) without considering their security requirements. A new module has been added so that TestGen can use the formalisms designed in SHIELDS and generate test cases that target a system's security goals in order to detect potential vulnerabilities. Starting from security goals described in different SHIELDS models (e.g. Security Activity Graph (SAG), Security Goal Indicator Tree (SGIT), threat models, etc.), a set of security rules is manually generated. These security rules are then formally specified in the Nomad formal language and constitute the first input for the TestGen tool.
Architecture: The figure below represents the basic architecture of the tool and its required inputs and outputs.

As shown, the TestGen tool takes as input (in blue):
  1. A formal functional specification of the system.
  2. A specification of the security rules that we wish to check on the system implementation.
List of Features: TestGen is a powerful test generation tool that allows automated testing of the specified functional and security properties of a system.
Web site: Not yet available
Contact information: contact@montimage.com
Other information: Prototype version only; it will be made available under an open source license before the end of 2009. It has been developed by Institute Telecom / Telecom & Management SudParis and Montimage. A commercial version will also be made available, as well as services offering assistance in the specification of systems and in the detection, elimination and testing of security vulnerabilities.
Tool presentation: [PPT]