A fault injection model-oriented testing strategy for component security
A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities. A fault injection model was defined, and the faults were injected into the tested component based on the fault injection model to trigger security exceptions. The testing process could be recorded by the monitoring mechanism of the strategy, and the monitoring information was written into the security log. The component vulnerabilities could be detected by the detecting algorithm through analyzing the security log. Lastly, some experiments were done in an integration testing platform to verify the applicability of the strategy. The experimental results show that the strategy is effective and operable. The detecting rate is more than 90% for vulnerability components.
Key words: component testing, component security, fault injection model, testing strategy, detecting algorithm