Title :
CSTS: A Prototype Tool for Testing COM Component Security
Author :
Chen, Jinfu ; Lu, Yansheng ; Xie, Xiaodong
Author_Institution :
Sch. of Comput. Sci. & Telecommun. Eng., JiangSu Univ., Zhenjiang, China
Abstract :
The automatic testing tools of component security bring great effect on component-based software engineering, and they can effectively ensure the security of component-based software. A prototype tool named CSTS (component security testing system) is designed and implemented to test the security of the widely-used COTS (Commercial-off-the-Shelf) Microsoft COM (component object model) component. CSTS, a GUI (graphical user interface) software, adopts both static and dynamic testing based on fault injection and dynamic monitoring. Firstly, CSTS analyzes component type information and statically injects parameter faults into interface methods. Secondly, environment faults such as memory fault, file fault and process fault are injected into the tested component when the component is driven. Dynamic monitoring mechanism can monitor the running process of component and analyze the component security exceptions. Some commercial components were tested in the CSTS. The experimental results show that CSTS is effective and operable.
Keywords :
distributed object management; graphical user interfaces; object-oriented programming; security of data; software tools; CSTS software; Component Object Model; Microsoft COM component security; component security testing system; graphical user interface; Automatic testing; Graphical user interfaces; Information security; Monitoring; Prototypes; Software engineering; Software prototyping; Software testing; Software tools; System testing; component security; component testing; fault injection; testing tool;
Conference_Titel :
Hybrid Intelligent Systems, 2009. HIS '09. Ninth International Conference on
Conference_Location :
Shenyang
Print_ISBN :
978-0-7695-3745-0
DOI :
10.1109/HIS.2009.229
