Investigating Traditional Software Testing Methods for use with the Meta Attack Language

Abstract: Threat modelling of systems is an emerging field within computer security. With the introduction of the Meta Attack Language (MAL) by KTH researchers, the need for being able to test and verify the correctness of such modelling techniques has once again become apparent. This paper investigates the use of symbolic execution as well as model verification tools in order to certify the correctness of the produced models and their behavior. With the help of language developers, as well as a literature study about the targeted testing methods, it has been concluded that the current design of MAL makes it very difficult to test it effectively, and it is recommended that modifications be made to address that issue.