NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Automated Security Functional Testing

Experience with security evaluations of products in recent years has shown that such evaluations are a very expensive and time consuming process from the point of view of vendors of IT products. Although Security functional testing is an important component of security evaluation, time and cost considerations have made it to occupy a backseat in the overall security evaluation schemes except in the case of high assurance products. This situation is due to several factors. Some of these factors are:

  1. Developing test specifications and test codes requires a fairly detailed knowledge of the behavior of security functions as well as the product interfaces needed to exercise those functions and measure the responses.
  2. There are very few automated tools available to support the above process.