基于安全策略模型的安全功能测试用例生成方法  被引量:6

A Security Function Test Suite Generation Method Based on Security Policy Model

在线阅读下载全文

作  者:张敏[1] 冯登国[1] 陈驰[1] 

机构地区:[1]中国科学院软件研究所信息安全国家重点实验室,北京100190

出  处:《计算机研究与发展》2009年第10期1686-1692,共7页Journal of Computer Research and Development

基  金:国家"八六三"高技术研究发展计划基金项目(2007AA120404;2007AA120405)~~

摘  要:实施第三方安全功能独立测试是信息安全产品测评中的一个重要环节,对于以安全数据库管理系统为代表的信息安全产品,其系统规约的测试并不能完全真实反映系统行为,还需要满足系统安全策略.提出了基于安全策略模型的安全功能测试用例自动生成方法,该方法包括基于语法的划分、基于规则的划分、基于类型的划分等步骤,依据形式化安全模型生成正确描述系统行为的操作测试用例集.该方法有助于提高测试质量,发现手工测试中难以发现的缺陷,并有助于减少测试过程中的重复劳动,实现测试自动化并提高测试效率.The third-party independent security function testing is one essential step of the security evaluation of security products. Generally the test case generation of independence testing is based on the product specification. However, in the independence testing of security products such as the secure database management system (SDBMS), the product must satisfy the requirement of the security policies in addition to the requirement of the product specification, which describes the objects and the measurement of the protection. Since the behaviors of security products are more precisely described in the security models instead of the specifications, the authors provide a test case generation method based on the formal security policy model. The method include the generation of the test specification based on the formal security policy model, the test space partitioning based on both the grammar and rules; partitioning rule based on the type and the combination principles. The method is more likely to find the fault and error in the product than in manual testing, and it helps the automation of testing and improves the efficiency.

关 键 词:安全策略模型 安全功能测试 测试用例生成 自动化测试 基于类型的划分 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象