Testing is a standard method for verification of software performance. Producing efficient and appropriate test case is an important aspect in testing. Specification based testing presents a method to derive test dat...Testing is a standard method for verification of software performance. Producing efficient and appropriate test case is an important aspect in testing. Specification based testing presents a method to derive test data from software specification. Because of the precision and concision of specification, the test data derived from specification can test the software efficiently and entirely. This paper demonstrates a test class framework(TCF) on a file reading case study, specified using Z notation. This test class framework defines test case sets, providing structure to the testing process. Flexibility is preserved so that many testing strategies can be used.展开更多
Software vulnerability mining is an important way to detect whether there are some loopholes existing in the software, and also is an important way to ensure the security of information systems. With the rapid develop...Software vulnerability mining is an important way to detect whether there are some loopholes existing in the software, and also is an important way to ensure the security of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively detect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the commonly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of evaluation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Finally, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testingframework, with the results showing that the final test results will serve as a form of guidance to aid the selection of the most appropriate and effective method or tools in vulnerability detection activity.展开更多
In recent years large corporations as well as smaller commercial enterprises have begun to devote increased attention to software testing and software quality. This paper introduces a novel tool—the Framework for Ext...In recent years large corporations as well as smaller commercial enterprises have begun to devote increased attention to software testing and software quality. This paper introduces a novel tool—the Framework for Extensible Application Testing (FEAT), implemented by the author and applicable for automatic generation and execution of test cases. The paper discusses system requirements, design, architecture and modes of operation. It also contains a detailed comparison of the FEAT framework with existing test environments, focusing in particular on the STAF/STAX framework. The final section is devoted to experimental research into the applicability and efficiency of the presented tools in various projects and configurations, as reflected by quality metrics.展开更多
Quality of software systems is highly demanded in today’s scenario. Highly testable system enhances the reliability also. More than 50% of test effort-time and cost are used to produce a highly testable system. Thus,...Quality of software systems is highly demanded in today’s scenario. Highly testable system enhances the reliability also. More than 50% of test effort-time and cost are used to produce a highly testable system. Thus, design-for-testability is needed to reduce the test effort. In order to enhance the quality, productivity and reduced cost of the software organizations are promoting to produce the reuse-oriented products. Incorporating reuse technology in both aspects-software development process and test process may payoff many folds. Keeping this view, our study focus the testability of the object-oriented framework based software systems and identify that flexibility at the variable points of the object-oriented framework, chosen for framework instantiation, greatly affects the testability of object-oriented framework based software at each level of testing. In the current paper, we propose a testability model considering the flexible aspect of the variable point to estimate testability in the early phase, requirement analysis phase, of development process of the framework based software. The proposed model helps to improve the testability of the software before the implementation starts thus reducing the overall development cost.展开更多
Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and speci...Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and special characteristics, is complex, time-consuming and challenging. In this paper a novel multi-agent framework for automated testing of web-based systems is presented. The main design goals have been to develop an effective and flexible framework that supports different types of tests and utilize different sources of information about the system under test to automate the test process. A prototype of the proposed framework has been implemented and is used to perform some experiments. The results are promising and prove the overall design of the framework.展开更多
Point of Care (PoC) devices and systems can be categorized into three broad classes (CAT 1, CAT 2, and CAT 3) based on the context of operation and usage. In this paper, the categories are defined to address certain u...Point of Care (PoC) devices and systems can be categorized into three broad classes (CAT 1, CAT 2, and CAT 3) based on the context of operation and usage. In this paper, the categories are defined to address certain usage models of the PoC device. PoC devices that are used for PoC testing and diagnostic applications are defined CAT 1 devices;PoC devices that are used for patient monitoring are defined as CAT 2 devices (PoCM);PoC devices that are used for as interfacing with other devices are defined as CAT 3 devices (PoCI). The PoCI devices provide an interface gateway for collecting and aggregating data from other medical devices. In all categories, data security is an important aspect. This paper presents a security framework concept, which is applicable for all of the classes of PoC operation. It outlines the concepts and security framework for preventing security challenges in unauthorized access to data, unintended data flow, and data tampering during communication between system entities, the user, and the PoC system. The security framework includes secure layering of basic PoC system architecture, protection of PoC devices in the context of application and network. Developing the security framework is taken into account of a thread model of the PoC system. A proposal for a low-level protocol is discussed. This protocol is independent of communications technologies, and it is elaborated in relation to providing security. An algorithm that can be used to overcome the threat challenges has been shown using the elements in the protocol. The paper further discusses the vulnerability scanning process for the PoC system interconnected network. The paper also presents a four-step process of authentication and authorization framework for providing the security for the PoC system. Finally, the paper concludes with the machine to machine (M2M) security viewpoint and discusses the key stakeholders within an actual deployment of the PoC system and its security challenges.展开更多
文摘Testing is a standard method for verification of software performance. Producing efficient and appropriate test case is an important aspect in testing. Specification based testing presents a method to derive test data from software specification. Because of the precision and concision of specification, the test data derived from specification can test the software efficiently and entirely. This paper demonstrates a test class framework(TCF) on a file reading case study, specified using Z notation. This test class framework defines test case sets, providing structure to the testing process. Flexibility is preserved so that many testing strategies can be used.
基金partly supported by National Natural Science Foundation of China (NSFC grant numbers: 61202110 and 61502205)the project of Jiangsu provincial Six Talent Peaks (Grant numbers: XYDXXJS-016)
文摘Software vulnerability mining is an important way to detect whether there are some loopholes existing in the software, and also is an important way to ensure the security of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively detect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the commonly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of evaluation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Finally, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testingframework, with the results showing that the final test results will serve as a form of guidance to aid the selection of the most appropriate and effective method or tools in vulnerability detection activity.
文摘In recent years large corporations as well as smaller commercial enterprises have begun to devote increased attention to software testing and software quality. This paper introduces a novel tool—the Framework for Extensible Application Testing (FEAT), implemented by the author and applicable for automatic generation and execution of test cases. The paper discusses system requirements, design, architecture and modes of operation. It also contains a detailed comparison of the FEAT framework with existing test environments, focusing in particular on the STAF/STAX framework. The final section is devoted to experimental research into the applicability and efficiency of the presented tools in various projects and configurations, as reflected by quality metrics.
文摘Quality of software systems is highly demanded in today’s scenario. Highly testable system enhances the reliability also. More than 50% of test effort-time and cost are used to produce a highly testable system. Thus, design-for-testability is needed to reduce the test effort. In order to enhance the quality, productivity and reduced cost of the software organizations are promoting to produce the reuse-oriented products. Incorporating reuse technology in both aspects-software development process and test process may payoff many folds. Keeping this view, our study focus the testability of the object-oriented framework based software systems and identify that flexibility at the variable points of the object-oriented framework, chosen for framework instantiation, greatly affects the testability of object-oriented framework based software at each level of testing. In the current paper, we propose a testability model considering the flexible aspect of the variable point to estimate testability in the early phase, requirement analysis phase, of development process of the framework based software. The proposed model helps to improve the testability of the software before the implementation starts thus reducing the overall development cost.
文摘Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and special characteristics, is complex, time-consuming and challenging. In this paper a novel multi-agent framework for automated testing of web-based systems is presented. The main design goals have been to develop an effective and flexible framework that supports different types of tests and utilize different sources of information about the system under test to automate the test process. A prototype of the proposed framework has been implemented and is used to perform some experiments. The results are promising and prove the overall design of the framework.
文摘Point of Care (PoC) devices and systems can be categorized into three broad classes (CAT 1, CAT 2, and CAT 3) based on the context of operation and usage. In this paper, the categories are defined to address certain usage models of the PoC device. PoC devices that are used for PoC testing and diagnostic applications are defined CAT 1 devices;PoC devices that are used for patient monitoring are defined as CAT 2 devices (PoCM);PoC devices that are used for as interfacing with other devices are defined as CAT 3 devices (PoCI). The PoCI devices provide an interface gateway for collecting and aggregating data from other medical devices. In all categories, data security is an important aspect. This paper presents a security framework concept, which is applicable for all of the classes of PoC operation. It outlines the concepts and security framework for preventing security challenges in unauthorized access to data, unintended data flow, and data tampering during communication between system entities, the user, and the PoC system. The security framework includes secure layering of basic PoC system architecture, protection of PoC devices in the context of application and network. Developing the security framework is taken into account of a thread model of the PoC system. A proposal for a low-level protocol is discussed. This protocol is independent of communications technologies, and it is elaborated in relation to providing security. An algorithm that can be used to overcome the threat challenges has been shown using the elements in the protocol. The paper further discusses the vulnerability scanning process for the PoC system interconnected network. The paper also presents a four-step process of authentication and authorization framework for providing the security for the PoC system. Finally, the paper concludes with the machine to machine (M2M) security viewpoint and discusses the key stakeholders within an actual deployment of the PoC system and its security challenges.
基金教育部考试中心-英国文化教育协会2020年英语测评科研课题“An Empirical Study into the Validity ofa CSE-based Placement test in China’s Transnational Higher Education”(考协[2020]263号)。
