Abstract
Whereas traditional testing is mainly concerned with a software system's positive requirements, security testing is mainly concerned with its negative requirements. Software security testing based on a threat model tests the software from the attacker's perspective. Security threats are modeled with UML sequence diagrams; message sequences are derived from the threat models, and threat behaviour traces are derived from the message sequences. Once coding is complete, the code is instrumented to record the method calls made and the execution path taken at runtime. Test cases are designed, the instrumented program is executed and its runtime execution trace recorded, and the recorded execution trace is compared with the threat behaviour traces derived from the model to determine whether the program contains threat behaviour that violates the security policy.
Security testing focuses on negative requirements, while most traditional software testing deals with positive requirements. Security testing based on a threat model takes the adversary's perspective. Threats to security policies are modeled with UML (Unified Modeling Language) sequence diagrams. The message sequences can be derived from the threat models, and the threat traces can be derived from the message sequences. Once the code is baselined, it is instrumented, using the threat model as a guide, to record the trace of threat-related method calls and method executions at runtime. The instrumented code is executed using test cases generated from the design model. The execution traces are collected and analyzed to verify whether they match the threat traces. If an execution trace matches a threat trace, a message is produced to report the violation of the security policy.
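The procedure the abstract describes (instrument the code, record the runtime method-call trace, and match it against threat traces derived from the sequence diagram) can be shown end to end in a small harness. The following is an added example, not code from the paper: the `DownloadService`, `AccessControl`, `Storage` and `Logger` classes are a constructed toy system, and the threat trace, its lifelines and the `"*"` wildcard are assumptions about how a sequence diagram's messages would be encoded. The threat trace models the threat "a file is read without the guard being consulted": after projecting the execution trace onto the lifelines that appear in the threat diagram, the threat's message sequence must appear as a contiguous window for a violation to be reported.

```python
"""Threat-trace matching for security testing (added example, not the paper's code)."""
from dataclasses import dataclass
from functools import wraps
from typing import Callable, FrozenSet, List, Tuple

Event = Tuple[str, str]  # (lifeline / class name, method name)


@dataclass
class ThreatTrace:
    """Threat behaviour trace derived from one threat sequence diagram (assumed encoding)."""
    name: str
    lifelines: FrozenSet[str]   # objects that appear as lifelines in the diagram
    messages: List[Event]       # ordered messages; "*" matches any method on that lifeline


class TraceRecorder:
    """Instrumentation: decorated methods append (class, method) to the execution trace."""

    def __init__(self) -> None:
        self.events: List[Event] = []

    def instrument(self, method: Callable) -> Callable:
        @wraps(method)
        def wrapper(obj, *args, **kwargs):
            self.events.append((type(obj).__name__, method.__name__))
            return method(obj, *args, **kwargs)
        return wrapper

    def reset(self) -> None:
        self.events.clear()


recorder = TraceRecorder()


# Constructed toy system under test (hypothetical, for illustration only).
class AccessControl:
    @recorder.instrument
    def check_permission(self, user: str, path: str) -> bool:
        return user == "admin" or path.startswith("public/")


class Storage:
    @recorder.instrument
    def read_file(self, path: str) -> str:
        return f"<contents of {path}>"


class Logger:
    @recorder.instrument
    def log(self, message: str) -> None:
        pass  # logging is outside the threat diagram's lifelines and is filtered out


class DownloadService:
    def __init__(self) -> None:
        self.guard, self.storage, self.logger = AccessControl(), Storage(), Logger()

    @recorder.instrument
    def download(self, user: str, path: str):
        self.logger.log(f"{user} requested {path}")
        if not self.guard.check_permission(user, path):
            return None
        return self.storage.read_file(path)

    @recorder.instrument
    def download_legacy(self, user: str, path: str) -> str:
        # Constructed defect: this entry point reaches Storage without consulting the guard.
        self.logger.log(f"{user} requested {path} via legacy API")
        return self.storage.read_file(path)


# Threat trace as it would be derived from a sequence diagram showing the service
# sending read_file to Storage directly, with no check_permission message in between.
THREATS = [ThreatTrace(
    name="unauthorized file read",
    lifelines=frozenset({"DownloadService", "AccessControl", "Storage"}),
    messages=[("DownloadService", "*"), ("Storage", "read_file")],
)]


def find_violations(trace: List[Event], threats: List[ThreatTrace]) -> List[Tuple[str, List[Event]]]:
    """Return (threat name, matched window) for every threat trace found in the execution trace."""
    violations = []
    for threat in threats:
        projected = [e for e in trace if e[0] in threat.lifelines]
        n = len(threat.messages)
        for i in range(len(projected) - n + 1):
            window = projected[i:i + n]
            if all(w[0] == m[0] and m[1] in ("*", w[1]) for w, m in zip(window, threat.messages)):
                violations.append((threat.name, window))
                break
    return violations


def run_test_case(action: Callable[[], object]) -> List[Tuple[str, List[Event]]]:
    """Execute one test case on the instrumented code and analyze its execution trace."""
    recorder.reset()
    action()
    return find_violations(list(recorder.events), THREATS)


if __name__ == "__main__":
    svc = DownloadService()
    for label, case in [
        ("guest via download", lambda: svc.download("guest", "private/secret.txt")),
        ("guest via download_legacy", lambda: svc.download_legacy("guest", "private/secret.txt")),
    ]:
        print(label, "->", run_test_case(case) or "no violation")
```

Projecting the trace onto the diagram's lifelines before matching is what lets the comparison tolerate calls the threat model never mentions (the logger here); the test cases that reach the guard produce a `check_permission` event between the two threat messages and therefore do not match.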
Source
《计算机安全》
2010, No. 2, pp. 11-13, 17 (4 pages)
Network & Computer Security
Keywords
security testing
threat model
test cases
UML (Unified Modeling Language)
sequence diagram