HJP Consulting and its consortium partners, the University of Paderborn’s Software Quality and Lab and TÜV Informationstechnik, have won the German Federal Office for Information Security’s (BSI) competition for Model-based Testing with Reference Implementations (MOTEMRI).
The BSI issues technical guidelines for IT systems conformity testing. Based on these guidelines, IT systems are primarily evaluated with reference to interoperability of their IT security components.
For example, Technical Guideline BSI TR-03105 part 3 comprises the test specification for conformity testing electronic ID documents such as eID cards and ePassports. Companies such as HJP Consulting include test suites based on these specifications in their conformity test tools. These tools are widely used by international suppliers to test IT components. Technical Guideline BSI TR-03105 includes several hundred test cases. If the test specification changes, the respective implementations have to be adapted accordingly.
HJP says: “This process is very time-consuming based on the current approach. Test specifications are published as a text document. The range of interpretation involved can lead to errors and inaccuracy. In addition, preparing a reasonable test specification depends on the experience of the author.
“The main objective of MOTEMRI is to describe a test specification framework for the Password Authenticated Connection Establishment (PACE) protocol as a model instead of a text document. Using a model-based approach not only eliminates inconsistencies, inaccuracies and errors but also accelerates the process of implementing tests. Instead of using natural language, the model uses a modelling language, such as Unified Modelling Language (UML).
“The MOTEMRI project intends to prove that the model is consistent. Using this model a reference implementation will be generated and test cases will be produced semi-automatically.”