| 一个基于安全模型的测试用例生成工具 |
| |
| 引用本文: | 黄亮,冯登国,张敏.一个基于安全模型的测试用例生成工具[J].中国科学院研究生院学报,2007,24(3):300-306. |
| |
| 作者姓名: | 黄亮 冯登国 张敏 |
| |
| 作者单位: | 1. 中国科学院软件研究所信息安全实验室,北京,100080
2. 中国科学院研究生院,北京,100049 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);国家自然科学基金 |
| |
| 摘 要: | 在基于安全评估标准的安全数据库管理系统(Security Database Management System, SDBMS)的安全功能测评中,存在的困难问题之一就是缺乏合适的测试用例.而目前基于安全产品形式化规约的测试用例自动生成方法并不能完全适用于这种需要.因为包括SDBMS在内的大多数信息安全产品的系统规约并不能真实的反映现实系统的行为,系统中的操作除了要完成其预定的功能外,同时还必须满足安全产品安全策略的约束.本文采用了基于安全产品安全策略模型的测试用例自动生成方法,设计并实现了一个测试用例自动化生成工具——CaseBuilder.该工具可针对SDBMS快速生成能够满足产品安全策略测试要求的测试用例集.
|
| 关 键 词: | 测试用例 信息安全产品测评 类型划分 安全策略模型 |
| 文章编号: | 1002-1175(2007)03-0300-07 |
| 修稿时间: | 2006年6月27日 |
A generation tool of test case based on security model |
| |
| HUANG Liang,FENG Deng-Guo,ZHANG Min.A generation tool of test case based on security model[J].Journal of the Graduate School of the Chinese Academy of Sciences,2007,24(3):300-306. |
| |
| Authors: | HUANG Liang FENG Deng-Guo ZHANG Min |
| |
| Institution: | The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Science, Beijing 100080;
The Graduate School of the Chinese Academy of Science, Beijing 100039 |
| |
| Abstract: | During the security evaluation of security products,one of the difficulties is the lack of proper test cases.Current automatic test case generation tools cannot completely solve the problem.The reason is that most specifications of information security products,such as the Secure Database Management System(SDBMS),cannot reflect the systems' real behaviors.Besides the requirements of the product specification,the system must also satisfy the requirements of the security policies.In this paper,we present the design and implementation of CaseBuilder,an automatic test case generating tool,which has adopted a test case generating method based on the product's security policies.As the result of prototyping,CaseBuilder can generate test cases for SDBMS effectively,which can well satisfy the testing requirements of security policy model. |
| |
| Keywords: | test case evaluation of security product type-based partition security policy model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《中国科学院研究生院学报》浏览原始摘要信息 |
| 点击此处可从《中国科学院研究生院学报》下载免费的PDF全文 |
