Data Oriented Software Security Testing

Author

Hong Yu ; Liu Xiao-ming ; Huang Song ; Zheng Chang-You

Author_Institution

Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China

fYear

2012

fDate

8-10 Dec. 2012

Firstpage

676

Lastpage

679

Abstract

With the fast developing of Internet and intelligent device, information security issue is becoming much more important every day. More and more researchers are attracted to software security testing study. Most of them put their works on software access control model based testing, which takes into account information mainly on multi-dimensions, like roles, permissions and contexts. But the key disadvantage of access control model based testing is its model are hard to be built in many circumstance, for example, to describe requirement "picture A is only allowed to be copied twice outside terminal B", researcher has to extend the original model with hierarchy status and priority sub models. To overcome this disadvantage, this paper present a framework of data oriented access control testing method, which focus mainly on data and its actions instead of role, permission and contexts. Though experiments, this paper also proves that the method is much more instructive than access control model in test cases automatic generating.

Keywords

authorisation; automatic test software; program testing; automatic test case generation; data actions; data-oriented software access control testing method; data-oriented software security testing method; information security issue; instructive method; Access control; Context modeling; Data models; Software; Testing; Unified modeling language; access control model; model based testing; security testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on

Conference_Location

Harbin

Print_ISBN

978-1-4673-5034-1

Type

conf

DOI

10.1109/IMCCC.2012.164

Filename

6428999