A fault injection model-oriented testing strategy for component security

Jin-fu Chen, Yan-sheng Lu, Wei Zhang, Xiao-dong Xie

Journal of Central South University, 2009, Vol. 16, Issue (2): 258-264.

Abstract

A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities. A fault injection model was defined, and the faults were injected into the tested component based on the fault injection model to trigger security exceptions. The testing process could be recorded by the monitoring mechanism of the strategy, and the monitoring information was written into the security log. The component vulnerabilities could be detected by the detecting algorithm through analyzing the security log. Lastly, some experiments were done in an integration testing platform to verify the applicability of the strategy. The experimental results show that the strategy is effective and operable. The detection rate is more than 90% for vulnerable components.

Keywords

component testing / component security / fault injection model / testing strategy / detecting algorithm

Cite this article

Jin-fu Chen, Yan-sheng Lu, Wei Zhang, Xiao-dong Xie. A fault injection model-oriented testing strategy for component security. Journal of Central South University, 2009, 16(2): 258-264. DOI: 10.1007/s11771-009-0044-0
