一种构件安全测试错误注入模型  被引量：8

作　　者：陈锦富[1] 卢炎生[1] 谢晓东[1] 

机构地区：[1]华中科技大学计算机科学与技术学院,武汉430074

出　　处：《计算机研究与发展》2009年第7期1127-1135,共9页Journal of Computer Research and Development

基　　金：国家部委预研基金项目(513150601)~~

摘　　要：构件特别是第三方构件的可靠性及安全性是影响构件技术发展的重要因素之一.目前在构件安全漏洞的测试方法和技术方面研究还不够深入.提出了一种构件安全测试错误注入模型FI M(fault injection model of component security testing),并对FI M模型的相关定义及其矩阵形式进行了详细阐述,同时基于FI M模型给出了一种错误注入测试用例生成算法TGSM(test-case generating based on solution matrix).TGSM算法根据矩阵形式的FI M模型生成满足K因素覆盖的解矩阵,解矩阵的所有行数据组成了错误注入测试用例.在研究项目CSTS(component securitytesting system)中实现了FI M模型,实验结果表明FI M生成的三因素覆盖错误注入测试用例效果显著,能用适当的测试用例触发绝大部分构件安全异常.FI M模型具有较好的可操作性及可用性.The reliability and security of components block the development of component technology. Currently, component security testing is rarely researched as a special subject, and there are not some feasible approaches or technologies in detecting component security vulnerabilities. Problems with the component reliability and security have not yet been solved. The authors propose a FIM （fault injection model） of component security testing, and then specify some related definitions of FIM model and its matrix specification. A TGSM （test-cases generating based on solution matrix） algorithm of fault injection for component security is proposed based on FIM, The algorithm TGSM generates solution matrix that meets K factors coverage according to the matrix form of the FIM model. All rows data of the solution matrix compose the fault injection test-cases. The FIM model is implemented well based on research projects CSTS （component security testing system）. Finally, the experimental results show that the approach which generates the fault injection test-cases of 3 factors coverage is effective. It can trigger the vast majority of the security exceptions by using the appropriate test-cases. FIM is effective and operable.

关 键 词：构件测试 构件安全 错误注入 安全异常 测试用例生成 

分 类 号：TP311.52[自动化与计算机技术—计算机软件与理论] TP393.09[自动化与计算机技术—计算机科学与技术]