高级检索

    基于安全策略模型的安全功能测试用例生成方法

    A Security Function Test Suite Generation Method Based on Security Policy Model

    • 摘要: 实施第三方安全功能独立测试是信息安全产品测评中的一个重要环节,对于以安全数据库管理系统为代表的信息安全产品,其系统规约的测试并不能完全真实反映系统行为,还需要满足系统安全策略.提出了基于安全策略模型的安全功能测试用例自动生成方法,该方法包括基于语法的划分、基于规则的划分、基于类型的划分等步骤,依据形式化安全模型生成正确描述系统行为的操作测试用例集.该方法有助于提高测试质量,发现手工测试中难以发现的缺陷,并有助于减少测试过程中的重复劳动,实现测试自动化并提高测试效率.

       

      Abstract: The third-party independent security function testing is one essential step of the security evaluation of security products. Generally the test case generation of independence testing is based on the product specification. However, in the independence testing of security products such as the secure database management system (SDBMS),the product must satisfy the requirement of the security policies in addition to the requirement of the product specification, which describes the objects and the measurement of the protection. Since the behaviors of security products are more precisely described in the security models instead of the specifications, the authors provide a test case generation method based on the formal security policy model. The method include the generation of the test specification based on the formal security policy model, the test space partitioning based on both the grammar and rules; partitioning rule based on the type and the combination principles. The method is more likely to find the fault and error in the product than in manual testing, and it helps the automation of testing and improves the efficiency.

       

    /

    返回文章
    返回