Comparison of SETAM with Security Use Case and Security Misuse Case:A Software Security Testing Study

Comparison of SETAM with Security Use Case and Security Misuse Case:A Software Security Testing Study

导出

摘要 A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing. A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.

作者 HUI Zhanwei HUANG Song

机构地区 Software Test and Evaluation Centre PLA Military Training Software Test and Evaluation Centre

出处《Wuhan University Journal of Natural Sciences》 CAS 2012年第6期516-520,共5页 武汉大学学报（自然科学英文版）

基金 Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA01Z402) the PLA University of Science and Technology Pre-research Project (20110202, 20110210) the Natural Science Foundation of Jiangsu Province of China (BK2012059,BK2012060) the PLAUST Outstanding Graduate Student Thesis Fund (2012)

关键词 security testing security use case security misuse case software security testing behavior model security testing requirement security testing security use case security misuse case software security testing behavior model security testing requirement

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献18

1ISO/IEC JTC1. ISO/IEC 9126-1. Information Technology- Software Quality Characteristics and Metrics-Part 1: Quality Model [S]. Geneva: IEC Press, 2008.
2McGraw G. Softvare security [J]. IEEE Security and Privacy, 2004, 2(2): 80-83.
3Potter B, McGraw G. Software security testing [J]. IEEE Security and Privacy Magazine, 2004, 2(5): 81-85.
4CNCERT. CC[EB/OL]. [2011-06-23] http://www.cert.org, on. Firsmith D G. Security use cases[J]. Journal of Object Technology, 2003, 2(3): 53-64.
5Haley C B, Laney R, Moffett J D, et al. Security requirements engineering: A framework for representation and analysis [J]. IEEE Transaction on Software Engineering, 2008, 34(1): 133-153.
6Hui Z W, Huang S, Ren Z P, et al. Review of software security defects taxonomy[J]. Rough Set and Knowledge Technology (LNCS), 2010, 6401: 310-321.
7Hui Z W, Huang S. Software security testing of web applications based on SSD[J]. Communications in Computer and Information Science, 2010, 93: 527-534.
8Alexander Ian. Misuse case help to elicit nonfimctional requirements, lEE CCEJ. [EB/OL]. [2011-05-21 ]. http://easyweb.easynet, co. uk /～iany/eonsultancy/papers.htm.
9Sindre G, Opdahl A L. Templates for misuse case description. [EB/OL]. [2011-04-12]. http://www.ifi.uib.no/conf/refsq2001 /papers/p 2 5.pdf.
10Sindre G, Opdahl A L. Templates for misuse case description. [EB/OL]. [2011-04-12]. http://www.ifi.uib.no/conf/refsq2001 /papers/p25.pdf.

1骆其城.浅析软件安全的问题以及策略[J].赤子,2012(8):213-213.
2张晓磊,张晓明.基于堆栈的缓冲区溢出攻击原理[J].广州大学学报（自然科学版）,2004,3(4):329-332. 被引量：4
3韦湘,顾健.通用基础软件等级保护测评原型的研究[J].信息安全与技术,2014,5(3):29-34.
4王文林.网络安全漏洞的产生及软件安全测试的方法[J].计算机光盘软件与应用,2011(10):74-74.
5刘法旺,杨玚,骆俊瑞.手机软件二进制代码静态逆向安全测试例析[J].软件,2011,32(11):49-51. 被引量：1
6张升,陈恒如,韩利凯.软件安全测试方法探讨[J].科技视界,2015(22):89-89. 被引量：2
7刘文.软件安全测试的最佳实践[J].计算机与网络,2014,40(19):58-58.
8王宏,曹文霞.软件安全测试新武器——浅谈基于Dynamic Taint Propagation的测试技术[J].程序员,2008(5):89-90.
9刘益和,沈昌祥.一个信息安全函数及应用模型[J].计算机辅助设计与图形学学报,2005,17(12):2734-2738. 被引量：7
10王晓华.软件安全测试方法研究[J].农业网络信息,2010(3):122-124. 被引量：3

Wuhan University Journal of Natural Sciences

2012年第6期

浏览历史

内容加载中请稍等...

Comparison of SETAM with Security Use Case and Security Misuse Case:A Software Security Testing Study

参考文献18

相关作者

相关机构

相关主题

浏览历史