Abstract
It is very important but quite difficult to test the security of an operating system. In this paper, some essential problems about security testing of an operating system are discussed, including conception and extension of security testing, feasibility and technical scheme for automated security testing of an operating system, security of system calls, testing sequence for system calls, and etc. Thereafter, a prototype system (i.e. a series of testing tools) for automated security testing of system calls is designed and implemented based on Fedora 9 and Linux kernel 2.6.25-14.fc9.i686, which is made up of control module, objects setup module, standard test module, special test module and test configuration database for each system call. Furthermore, test cases as well as test results for systems calls such as creat, access and etc are discussed and analyzed. Finally, the research work in this paper is summarized while further research directions are pointed out.
The research presented in this paper was performed with the support of Beijing Jiaotong University Grants for 2005SM016.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Zhai, G., Li, Y.: Analysis and Study of Security Mechanisms inside Linux Kernel. In: Proceedings of 2008 International Conference on Security Technology (SECTECH 2008), pp. 58–61. IEEE Computer Society, Los Alamitos (2008)
Zhai, G., Zeng, J., Ma, M., Zhang, L.: Implementation and Automatic Testing for Security Enhancement of Linux Based on Least Privilege. In: Proceedings of the 2nd International Conference on Information Security and Assurance (ISA 2008), pp. 181–186. IEEE Computer Society, Los Alamitos (2008)
Trusted Computer Systems Evaluation Criteria, US DoD 5200.28-STD (1985)
Common Criteria for Information Technology Security Evaluation. Version 2.2 (2008)
Myers, G.J., Badgett, T., Thomas, T.M., Sandler, C.: The Art of Software Testing, 2nd edn. John Wiley & Sons Inc., New Jersey (2004)
Mosley, D.J., Posey, B.A.: Just Enough Software Test Automation, 2nd edn. Pearson Education Inc., New Jersey (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhai, G., Niu, H., Yang, N., Tian, M., Liu, C., Yang, H. (2009). Security Testing for Operating System and Its System Calls. In: Ślęzak, D., Kim, Th., Fang, WC., Arnett, K.P. (eds) Security Technology. SecTech 2009. Communications in Computer and Information Science, vol 58. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10847-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-10847-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10846-4
Online ISBN: 978-3-642-10847-1
eBook Packages: Computer ScienceComputer Science (R0)