高级检索

    一种构件安全测试错误注入模型

    A Fault Injection Model of Component Security Testing

    • 摘要: 构件特别是第三方构件的可靠性及安全性是影响构件技术发展的重要因素之一.目前在构件安全漏洞的测试方法和技术方面研究还不够深入.提出了一种构件安全测试错误注入模型FIM(fault injection model of component security testing),并对FIM模型的相关定义及其矩阵形式进行了详细阐述,同时基于FIM模型给出了一种错误注入测试用例生成算法TGSM(test-case generating based on solution matrix).TGSM算法根据矩阵形式的FIM模型生成满足K因素覆盖的解矩阵,解矩阵的所有行数据组成了错误注入测试用例.在研究项目CSTS(component security testing system)中实现了FIM模型,实验结果表明FIM生成的三因素覆盖错误注入测试用例效果显著,能用适当的测试用例触发绝大部分构件安全异常.FIM模型具有较好的可操作性及可用性.

       

      Abstract: The reliability and security of components block the development of component technology. Currently, component security testing is rarely researched as a special subject, and there are not some feasible approaches or technologies in detecting component security vulnerabilities. Problems with the component reliability and security have not yet been solved. The authors propose a FIM (fault injection model) of component security testing, and then specify some related definitions of FIM model and its matrix specification. A TGSM (test-cases generating based on solution matrix) algorithm of fault injection for component security is proposed based on FIM. The algorithm TGSM generates solution matrix that meets K factors coverage according to the matrix form of the FIM model. All rows data of the solution matrix compose the fault injection test-cases. The FIM model is implemented well based on research projects CSTS (component security testing system). Finally, the experimental results show that the approach which generates the fault injection test-cases of 3 factors coverage is effective. It can trigger the vast majority of the security exceptions by using the appropriate test-cases. FIM is effective and operable.

       

    /

    返回文章
    返回