ASTRID-Maturation - Accompagnement spécifique des travaux de recherches et d'innovation Défense : Maturation et Valorisation

Model-Based Testing for Security Components – MBT_Sec

Submission summary

Security components represent a strategic issue for the security of computer systems, in the domain of Defense applications (e.g. for cyphering and authentication), as well as for Civilian applications (e.g. for smart cards, or access control systems). Security testing applied to these components aim at ensuring that security properties, such as confidentiality or integrity, are correctly implemented inside the component. It is also important to test for potential vulnerabilities of the component when it faces attacks or malicious behaviors.

The MBT_Sec project aims at developing an environment for automated security testing dedicated to security components. Its goal is to increase the technological maturity of the results obtained during the ASTRID OSeP project to move this latter from a TRL 3-4 to a TRL 5-6.

The projet addresses 3 main technological questions:
- the scalability of the automated test generation algorithms;
- the adaptation of the behavioral modelling language to the specific target of security components;
- the driving of the test generation by test patterns formalizing the security properties to test.

The expected results of the MBT_Sec project relate to an efficient test generation environment for security components, scalable, and easy-to-use for a validation engineer for this type of components. It will make it possible to exploit the result in the fields of components for security defense, smart cards, online and mobile payment, and in the domain of access control software components. This represents an important potential market for the innovation induced by the project, in a field where test design is still mainly manual, costly, and unsystematic.

The MBT_Sec project is a partnership between:
- Smartesting, software editor, a company specialized on automated test generation techniques;
- The FEMTO-ST Institute, research laboratory ranked A+ involving researchers from the computer science department, also members of the INRIA CASSIS project.
The DGA MI/SSI, department "Analysis and development of Security Software" takes part to project for the experimentation and the validation of the results.

Bruno Legeard (PME (petite et moyenne entreprise))

The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.

SMT Smartesting
FEMTO-ST Franche-Comté Electronique Mécanique Thermique et Optique- Sciences et Technologies

Help of the ANR 451,203 euros
Beginning and duration of the scientific project: December 2013 - 24 Months

Explorez notre base de projets financés

ANR makes available its datasets on funded projects, click here to find more.