A method based on Behavior Driven Development (BDD) and System-Theoretic Process Analysis (STPA) for verifying security requirements in critical software systems
This Computer Science final paper aims to apply the method based on BDD and STPA for the verification of security requirements. The application was developed using Thymeleaf for the front-end, SpringBoot for the back-end, and PostgreSQL for the database. Tests for Confidentiality and Integrity were conducted using the Cucumber, JUnit, and Selenium frameworks. For availability testing, the Karate and Gatling frameworks were utilized.
- Java 17+
- Google Chrome 119
- Chrome Driver 119
- PostgreSQL 14+
- Lombok
- Java 17: https://www.oracle.com/java/technologies/javase/jdk17-archive-downloads.html
- PostgreSQL: https://www.postgresql.org/download/
- Lombok: https://projectlombok.org/download
- IntelliJ: https://www.jetbrains.com/pt-br/idea/download/?section=windows
To run the application and tests, you need to follow the steps below:
Need to have in Windowns enviroment Variables the folder path of intelliJ.
To run the application, it is necessary to have Lombok installed in the IDE. To do this, go to Settings > Plugins (in IntelliJ), search for the Lombok Plugin, and then click on 'Install Plugin'.
You need to open your IDE (IntelliJ in the example used above) and import confidentiality-integrity as a Maven project. Then, in confidentiality-integrity\src\main\resources\application.properties, you need to define the information about your Postgres administrator user by changing the following properties:
spring.datasource.url= jdbc:postgresql://localhost:0000/database
spring.datasource.username= username
spring.datasource.password= password
Finally, execute the main class ConfidentialityIntegrity.class as a Java Application.
In the directory confidentiality-integrity/src/test/resources/features/, you will find the features that are used for conducting tests. The features describe the expected behavior of the software in natural language. As an example:
And in the directory confidentiality-integrity\src\test\java\com\rubatino\tcc, you will find the implementation of the features. To run the tests, simply right-click on the RunCucumberTest.class class and click on " Run 'RunCucumberTest' ".
Note: For the execution of Selenium, Google Chrome 119 was used. The chromedriver.exe file is located in confidentiality-integrity/src/test/resources/.
- Java 17+
To run the application and tests, you need to follow the steps below:
Need to have in Windowns enviroment Variables the folder path of intelliJ.
For the tests to work, it is necessary to install the Scala plugin in your IDE. To do this, go to Settings > Plugins (IntelliJ),search for Scala plugin and then click on 'Install Plugin'.
You need to open your IDE (IntelliJ in the example used above) and import availability as a Maven project.
To run the availability test, first ensure that the application is running. Then, execute the command:
mvn clean test-compile gatling:test