D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Recommendations

Info

Table 2. Requirements Coverage Test Classification Test Status Test Result Achievement Level Evolution New, Adapted,Updated Pass Fulfill Regression Unimpacted, Re-Executable Pass Fulfill Evolution New, Adapted,Updated Fail Deny Regression Unimpacted, Re-Executable Fail Deny Stagnation Outdated, Failed Pass Deny Stagnation Outdated, Failed Fail Fulfill Table 3. Completion of Change Propagation Change in ReM Model Test Status Test Suite New Element (Goal, Process) New Evolution Modified Element (Goal, Process) Adapted Evolution Model Element Not Impacted Re-Executable Regression Deleted Element Obsolete Stagnation – for each new or modified model element in the ReM model a new test case and an adapted are added to the evolution test suite, – for each model element not impacted by evolution there is a re-executable test case in the regression test suite, – for each model element deleted form the model there is an obsolete test case in the stagnation test suite. 7 Application to Case Study We first illustrate how a change from the GP-2.1.1 to the GP-2.2 requirement model is propagated to the test model and thus how the test suite for the GP-2.2 test model is generated. Then, we show how the test classification for the test model of GP-2.2 can be used to evaluate the completion of the change propagation process. Fig. 6 shows the SI* model for GP-2.1.1 and 2.2. The main actors are Global Platform Environment (OPEN), Privileged application (App), Privileged Security Domain (SD), and Issuer Security Domain (ISD). We only focus on the card lifecycle transition to TERMINATED state that is the one impacted by the evolution. This transition is represented by the goal G5: in the GP-2.1.1 model the goal G5 is AND decomposed in two subgoals G13 and G11’ the latter further decomposed into subgoals in goals G8’ and G12’; in the GP-2.2 model the goal G5 has only G12 as subgoal (labeled in grey). Fig. 7 represents the test model for GP-2.1.1 and GP-2.2: transitions SetOpNopSD and SetInNopSD (dotted arrows) are removed in GP-2.2 because they are associated with the deleted goal G9’. The transitions SetStatusNoApp and SetStatusNoApp (bolded arrows) between the states Card Locked to Terminated are added to the test model because in GP-2.2 requirement model the decomposition of G5 goal is changed. The traceability link between the goals in Fig. 6 and the transitions in the test model of Fig. 7 is illustrated in Fig. 8 representing the dynamic behavior of the transition setStatusApp. In order to trace the transition to goals G5 and G12 , the OCL code is 10
Legend: Goals surrounded by dashed rectangles correspond to requirements that belong only to G-2.1.1 model, goals in grey are new requirements related to the card life cycle introduced in version 2.2, and goals in white are goals corresponding to requirements that are present in both versions. Fig. 6. Requirement Model for GP specs 2.1.1 and 2.2 Table 4. Test Suite for GP-2.1.1 Transition Covered Test Requirement SetStatusForb Test 1 G 6, G 11 ′ SetStatusNopSD Test 2 G 5, G 8 ′, G 11 ′ SetStatusSD Test 3 G 5, G 8 ′, G 11 ′, G 12 ′ annotated with the tags @REM G5 and @REM G12 referring the goals G5 and G12. Based on the traceability link between goals and test model transitions we can generate the test suites for GP-2.1.1 and GP-2.2 that are illustrated respectively in Tab. 4 and Tab. 5. The tables only focus on the test cases for transitions from Card Locked to Terminated states: SetStatusNopSD and SetStatusNopApp that correspond to setStatus command performed by a Security Domain and Application with no Terminate privilege, SetStatusSD and SetStatusApp correspond to setStatus command performed by a Security Domain and Application with Terminate privilege and SetStatusForb corresponding to a Security Domain and Application with no Card Locked privilege. For example, since a new goal G12 has been added to the SI* model for GP-2.2 two new test cases Test 3 and Test 5 covering G12 and its top goal G5 have been added to the test suite. 11
Page 1 and 2:
D.3.3 ALGORITHMS FOR INCREMENTAL RE
Page 3 and 4:
1.14 19 January Final 1.15 23 Janua
Page 5 and 6:
Index DOCUMENT INFORMATION 1 DOCUME
Page 7 and 8:
1 Introduction This deliverable pre
Page 9 and 10:
(Clause 6.4.3) processes of ISO/IEC
Page 11 and 12:
3 Orchestrating Requirements and Ri
Page 13 and 14:
grey. The ADS-B introduction requir
Page 15 and 16:
The security risk manager identifie
Page 17 and 18:
are supported by the argumentation
Page 19 and 20:
ADS-B Manage ADS-B signal ADS-B sig
Page 21 and 22:
the stagnation suite (i.e. obsolete
Page 23 and 24:
5 A framework for modeling and reas
Page 25 and 26:
sectors. And there is 42% of probab
Page 27 and 28: SDA(C) = {DA 2 , DA 4 , DA 8 , DA 1
Page 29 and 30: application contexts is saved if th
Page 31 and 32: Figure 14. ATM model state after qu
Page 33 and 34: References [1] Yudis Asnar, Fabio M
Page 35 and 36: Managing Changes with Legacy Securi
Page 37 and 38: Failure in the provisioning of corr
Page 39 and 40: propagated to the system designer a
Page 41 and 42: APPENDIX B D.3.3 Algorithms for Inc
Page 43 and 44: is sometimes difficult, especially
Page 45 and 46: Tactical Monitor air R controller t
Page 47 and 48: protected from harm. Since in CORAS
Page 49 and 50: CModel. The postcondtion checks the
Page 51 and 52: of ADS-B signal and Availability of
Page 53 and 54: extensions to i* to model and analy
Page 55 and 56: 3. Bzivin, J., Dup, G., Jouault, F.
Page 57 and 58: APPENDIX C D.3.3 Algorithms for Inc
Page 59 and 60: steps. Section V demonstrates the R
Page 61 and 62: that should be mitigated by the sys
Page 63 and 64: CPU value PINconfirmed(PIN, card-de
Page 65 and 66: TABLE IV PRIORITIZATION OF RISKS FO
Page 67 and 68: context. We believe that the Common
Page 69 and 70: Managing Evolution by Orchestrating
Page 71 and 72: 1.1 The Contribution of this Paper
Page 73 and 74: Fig. 3. Integrated Change Managemen
Page 75 and 76: The requirement analysis is an iter
Page 77: Table 1. Conceptual Interface Requi
Page 81 and 82: Table 5. Test Suite for GP-2.2 Tran
Page 83 and 84: 6. P. K. Chittimalli and M. J. Harr
Page 85 and 86: Noname manuscript No. (will be inse
Page 87 and 88: Dealing with Known Unknowns: A Goal
Page 113 and 114: Understanding How to Manage Require
Page 115 and 116: Chatzoglou et al. [4] conducted a s
Page 117 and 118: Evolution Elicitation Probability E
Page 119 and 120: Table 2. Participants Background Pa
Page 121 and 122: for the defined success criteria. O
Page 123 and 124: Fig. 3. Codes Coverage ATM systems,
Page 125 and 126: The feedbacks provided by the ATM e
Page 127 and 128: 3. P. Carlshamre, K. Sandahl, M. Li
Page 129 and 130:
Quick fix generation for DSMLs Ábe
Page 131 and 132:
• extensibility: the supported li
Page 133 and 134:
Fig. 7. Overview of the Quick fix g
Page 135 and 136:
Fig. 9. Evaluation results (|V(M I
show all

D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Create successful ePaper yourself

Delete template?

Save as template?