Increasing Test Coverage via Mediated Activation of Adverse Cyber Events in Software-Intensive Systems
Files
Date
2024-01-03
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
7418
Ending Page
Alternative Title
Abstract
This paper describes an approach for more comprehensively and systematically evaluating the effect of adverse cyber events (ACEs) on system performance of software-intensive systems as compared to conventional testing approaches. Traditional operationally-oriented testing, such as the use of cyber red teams, typically only explores a small portion of the system attack surface subject to ACEs, including malicious adversary action. Our approach involves making automated, minimally intrusive, and fully reversible modifications to a software system to be tested. The modifications introduce “operational test points” that allow a test manager to induce availability and integrity effects at runtime. During testing, observers can monitor system, user, and defender performance as the effects of ACEs unfold; such information provides in-sights into the resilience of the system to ACE effects. As a complement to traditional cyber-related testing, we estimate via a model that the approach allows for more comprehensive operational testing of a system over a full range of ACEs.
Description
Keywords
Cybersecurity and Software Assurance, coverage, cyber, testing, uml, vulnerability
Citation
Extent
9 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 57th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.