A Holistic Approach to Event-Based Modeling and Testing of System Vulnerabilities

A Holistic Approach to Event-Based Modeling and Testing of System Vulnerabilities

Abstract

Man-machine systems have several desirable global system properties such as user friendliness, reliability, safety, and security. System vulnerability is the lack, or the exposure to breaches, of any such property, potentially leading to an undesirable situation from the users point of view. Such undesirable situations could arise from internal faults, unintended environmental failures or malicious attacks from the system environment. The undesirable system features, viewed here as the sum of situations, which are complementary to the desirable ones, must be taken into account in the system development process from the very beginning in assuring a stable system behavior and a robust operation. In this respect, this presentation proposes an event-based approach to modeling, analysis and testing of systems that exhibit various forms of vulnerabilities, in particular, those encountered in user interface design and safety critical systems. The emphasis of the work is on the holistic treatment of both desirable and undesirable system features in a similar manner at an identical level of abstraction. The presentation introduces an elementary test terminology, based on finite-state automata theory and Petri nets, and demonstrates the applicability as well as the effectiveness of the approach using realistic examples drawn from different domains.