登录 | 注册 | 退出 | 公司首页 | 繁体中文 | 满意度调查
综合馆
一种构件安全测试错误注入模型
  • 摘要

    构件特别是第三方构件的可靠性及安全性是影响构件技术发展的重要因素之一.目前在构件安全漏洞的测试方法和技术方面研究还不够深入.提出了一种构件安全测试错误注入模型FIM(faultinjection model of component security testing),并对FIM模型的相关定义及其矩阵形式进行了详细阐述,同时基于FIM模型给出了一种错误注入测试用例生成算法TGSM(test-case generating based onsolution matrix).TGSM算法根据矩阵形式的FIM模型生成满足K因素覆盖的解矩阵,解矩阵的所有行数据组成了错误注入测试用例.在研究项目CSTS(component security testing system)中实现了FIM模型,实验结果表明FIM生成的三因素覆盖错误注入测试用例效果显著,能用适当的测试用例触发绝大部分构件安全异常.FIM模型具有较好的可操作性及可用性.

  • 作者

    陈锦富  卢炎生  谢晓东  Chen Jinfu  Lu Yansheng  Xie Xiaodong 

  • 作者单位

    华中科技大学计算机科学与技术学院,武汉,430074

  • 刊期

    2009年7期 ISTIC EI PKU

  • 关键词

    构件测试  构件安全  错误注入  安全异常  测试用例生成 

参考文献
  • [1] 毛澄映,卢炎生. 构件软件测试技术研究进展. 计算机研究与发展, 2006,8
  • [2] 聂长海,徐宝文. 基于接口参数的黑箱测试用例自动生成算法. 计算机学报, 2004,3
  • [3] 陈锦富,卢炎生,谢晓东,游亮,温贤鑫. 一个组件安全自动化测试平台的设计与实现. 计算机科学, 2008,12
  • [4] Chen Jinfu;Lu Yansheng;Xie Xiaodong. Testing approach of component security based on dynamic monitoring. Los Alamitos,CA:IEEE Computer Society, 2007
  • [5] Thompson H H;Whittaker J A;Mottay F E. Software security vulnerability testing in hostile environments. New York:ACM, 2002
  • [6] McGraw G;Allen B. Software security testing. IEEE Security and Privacy, 2004,05
  • [7] Chen Jinfu;Lu Yansheng;Xie Xiaodong. Testing approach of component security based on fault injection. Los Alamitos,CA:IEEE Computer Society, 2007
  • [8] Zhong Q;Edwards N. Security control for COTS components. IEEE Software, 1998,06
  • [9] Whittaker J A. Software's invisible users. IEEE Software, 2001,03
  • [10] Lei Y;Tai K C. In-parameter-order:A test generation strategy for pairwise testing. Washington,DC:IEEE, 1998
  • [11] Tai K C;I ei Y. A test generation strategy for pairwise testing. IEEE Transactions on Software Engineering, 2002,01
  • [12] Kuhn D R;Gallo A M. Software fault interactions and implications for.software testing. IEEE Transactions on Software Engineering, 2004,06
  • [13] Kuhn D R;Reilly M J. An investigation of the applicability of design of experiments to software testing. Washington,DC:NASA Goddard Space Flight Center, 2002
  • [14] Md Khan K;Han J. Assessing security properties of software components:A software engineer's perspective. Washington,DC:IEEE, 2006
  • [15] Jabeen F;Jaffar-Ur-Rehman M. A framework for object oriented component testing. Los Alamitos,CA:IEEE, 2005
  • [16] Hart J;Zheng Y. Security characterisation and integrity assurance for component-based software. Piscataway,NJ:IEEE Computer Society, 2000
  • [17] Du W P;Mathur A. Vulnerability testing of software system using fault injection. West Lafayette:Purdue University, 1998
  • [18] Hsueh M C;Tsai T K;I yer R K. Fault injection techniques and tools. IEEE Transaction on Computer, 1997,04
  • [19] Looker N;Munro M;Xu J. A comparison of network level fault injection with code insertion. Washington,DC:IEEE Computer Society, 2005
查看更多︾
相似文献 查看更多>>
3.233.220.21