Component Security Testing Approach by Using Interface Fault Injection  (Cited by: 6)


Authors: Chen Jinfu (陈锦富)[1,2], Lu Yansheng (卢炎生)[2], Xie Xiaodong (谢晓东)[2]

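Affiliations: [1] School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013; [2] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, Hubei 430074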

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), 2010, No. 6, pp. 1090-1096, 7 pages

Funding: Supported by the Jiangsu University Senior Talent Research Start-up Fund (90JDG047) and the National Pre-research Project (513150601)

Abstract: The security of components, especially third-party components, is an important factor affecting the development of component technology. Currently, component security is rarely researched as a dedicated subject, and there are no practical approaches or technologies for detecting component security vulnerabilities, so the problem of component security has not yet been solved well. A component security testing approach based on interface fault injection is proposed. The approach first presents fault injection operators for component vulnerabilities, an assertion (predication) rule base and its vulnerability factors, and then gives a component security testing algorithm based on the fault injection operators and the assertion rule base. The algorithm generates targeted test cases according to the fault injection operators and executes the tests, while a dynamic monitoring mechanism monitors the running state of the component and its exception information in real time. From the assertion rule base, the vulnerability factors and the exception information, the algorithm produces a component security exception report and a component security level. Finally, the approach was implemented in an integration testing platform, a large number of experiments were carried out, and the approach was compared with the FUZZ method. The experimental results show that the proposed testing approach is operable and detects component vulnerabilities effectively.

Keywords: component testing; component security; interface fault injection; fault injection operator; security evaluation

Classification: TP311 [Automation and Computer Technology - Computer Software and Theory]

 
