Model-Based Security Testing

[presentation]
by
Kyle Larsen, Microsoft Corporation
Summary: 

Preventing the release of exploitable software defects is critical for all applications. Traditional software testing approaches are insufficient, and generic tools are incapable of properly targeting your code. We need to detect these defects before going live, and we need a methodology for detection that is cost-efficient and practical. A model-based testing strategy can be applied directly to the security testing problem. Starting with very simple models, you can generate millions of relevant tests that can be executed in a matter of hours. Learn how to build and refine models to focus quickly on the defects that matter. Kyle Larsen shows you how to create a test oracle that can detect application-specific security defects: buffer overflows, uninitialized memory references, denial of service attacks, assertion failures, and memory leaks. Take back information on the advanced file "fuzzing" techniques Microsoft has used successfully.

  • How to build a model and adjust it to find security defects
  • Ways to apply the model-based techniques to any product
  • Microsoft's results using this methodology on shipping code

Upcoming Events

Nov 09
Apr 25
Jun 06