Comparison of SETAM with Security Use Case and Security Misuse Case:A Software Security Testing Study  

作　　者：HUI Zhanwei HUANG Song 

机构地区：[1]Software Test and Evaluation Centre,PLA University of Science and Technology,Nanjing 210007,Jiangsu,China [2]PLA Military Training Software Test and Evaluation Centre,Nanjing 210007,Jiangsu,China

出　　处：《Wuhan University Journal of Natural Sciences》2012年第6期516-520,共5页武汉大学学报（自然科学英文版）

基　　金：Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA01Z402);the PLA University of Science and Technology Pre-research Project (20110202, 20110210);the Natural Science Foundation of Jiangsu Province of China (BK2012059,BK2012060);the PLAUST Outstanding Graduate Student Thesis Fund (2012)

摘　　要：A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.

关 键 词：security testing security use case security misuse case software security testing behavior model security testing requirement 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]