SENTINEL – Security Interaction Testing for IoT and Blockchains
The SENTINEL project aims to expand the horizons of combinatorial security testing by developing new methods for the challenging application-domains of Internet-of-Things (IoT) and Blockchains. The major research tasks include combinatorial sequence testing, case studies and related tool development.
SENTINEL is funded as part of the Measurement Science and Engineering (MSE) Research Grant Programs of the US Department of Commerce, National Institute of Standards and Technology (NIST).
SecWIT – Securing Web Technologies with Combinatorial Interaction Testing
The SecWIT project aims to advance the state of the art of Combinatorial Security Testing (CST) for web technologies and in the process facilitate methodologies and techniques that can be transformed into prototype security testing tools by utilization partners. By means of this approach, the specific goals are as follows: Modelling of web security attacks, methodology for guided combinatorial testing, localization of faults, and to develop a prototype security testing framework.
SBA-K1: AREA 4
The focus of Area 4 is to develop mathematical foundations and related primitives that can be used for data protection, secure communications and assured quality of software. The developed primitives will be evaluated in security challenges addressed by the center with mathematically guaranteed levels of trustworthiness.
In the upcoming years we will establish a new perspective of how discrete mathematics can contribute to information security. We will look at two topics: (i) the future of cryptography, including cryptographic primitives that will remain secure even if large quantum computers become available, and (ii) combinatorial security testing. Combinatorial security testing reduces the number of required test cases by several orders of magnitude while increasing the test coverage and thus considerably reducing the amount of resources needed for testing. The research challenge is to find mathematical foundations from discrete mathematics that are applicable to real-world and large-scale software.
Area 4 of the SBA-K1 project is funded as part of the COMET K1 Program Line: Competence Centers for Excellent Technologies by the Austrian Research Promotion Agency (FFG). The research area is comprised of three K1-projects focused on combinatorics and codes for information security, future cryptography: foundations, new threats and novel applications and combinatorial security testing.
SPLIT – Security Protocol Interaction Testing in Practice
The SPLIT project applies methods from the field of combinatorial (interaction) testing and model-based testing with the aim of providing quality assurance to software security protocols. The project thus makes a significant contribution towards protecting the information of communicating parties in a digitally connected society.
SBA2: Area 3 Secure Coding and Code Analyzing in Practice
The focus of the research area was to investigate software solutions based on secure coding primitives. We investigated, the security of large-scale systems and combinatorial testing methods for the Linux system call API, web security tests as well as laid down the foundation for combinatorial testing methods capable of detecting malicious hardware.
Area 3 of the SBA2 project was funded as part of the COMET K1 Program Line: Competence Centers for Excellent Technologies by the Austrian Research Promotion Agency (FFG).
MoBSeTIP – Model-based Security Testing in Practice
The MoBSeTIP project was focused on the combination of model-based testing and combinatorial testing methods in the area of security testing. The goal of the project was the development of a methodology for automatic generation and execution of test cases that cover certain security aspects of software components. The results generated in this project were of essential economic importance, especially in the automation of security tests, and undertook an important role in all of future projects.