An approach of security testing for third‐party component based on state mutation. Issue 15 (23rd January 2015)
- Record Type:
- Journal Article
- Title:
- An approach of security testing for third‐party component based on state mutation. Issue 15 (23rd January 2015)
- Main Title:
- An approach of security testing for third‐party component based on state mutation
- Authors:
- Chen, Jinfu
Chen, Jiamei
Huang, Rubing
Guo, Yuchi
Zhan, Yongzhao
- Abstract:
- ABSTRACT: It is essential to study an effective approach of security testing for third‐party component. In this paper, to effectively trigger implicit vulnerabilities of third‐party components, an approach of security testing for third‐party component is proposed based on state mutation. To start with, executable method sequences of components are transformed into extended finite state machine. Then, according to characteristics of condition conflict and behavior conflict, two test case generation algorithms are addressed, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third‐party components, and then, testing report of component security is obtained. In the end, some experiments are conducted on the basis of the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third‐party components. Copyright © 2015 John Wiley & Sons, Ltd.
Abstract: In this paper, two test cases generation algorithms are proposed on the basis of state mutation and extended finite state machine, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third‐party components, and then, testing report of component security is obtained. …
- Is Part Of:
- Security and communication networks. Volume 9:Issue 15(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 15(2016)
- Issue Display:
- Volume 9, Issue 15 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 15
- Issue Sort Value:
- 2016-0009-0015-0000
- Page Start:
- 2827
- Page End:
- 2842
- Publication Date:
- 2015-01-23
- Subjects:
- third‐party component -- security testing -- method sequence -- extended finite state machine -- state mutation
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1189
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 2779.xml