Title :
Data Oriented Software Security Testing
Author :
Hong Yu ; Liu Xiao-ming ; Huang Song ; Zheng Chang-You
Author_Institution :
Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
With the fast developing of Internet and intelligent device, information security issue is becoming much more important every day. More and more researchers are attracted to software security testing study. Most of them put their works on software access control model based testing, which takes into account information mainly on multi-dimensions, like roles, permissions and contexts. But the key disadvantage of access control model based testing is its model are hard to be built in many circumstance, for example, to describe requirement "picture A is only allowed to be copied twice outside terminal B", researcher has to extend the original model with hierarchy status and priority sub models. To overcome this disadvantage, this paper present a framework of data oriented access control testing method, which focus mainly on data and its actions instead of role, permission and contexts. Though experiments, this paper also proves that the method is much more instructive than access control model in test cases automatic generating.
Keywords :
authorisation; automatic test software; program testing; automatic test case generation; data actions; data-oriented software access control testing method; data-oriented software security testing method; information security issue; instructive method; Access control; Context modeling; Data models; Software; Testing; Unified modeling language; access control model; model based testing; security testing;
Conference_Titel :
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4673-5034-1
DOI :
10.1109/IMCCC.2012.164
