Funding: partly supported by the National Natural Science Foundation of China (NSFC grant numbers: 61202110 and 61502205) and the project of Jiangsu Provincial Six Talent Peaks (grant number: XYDXXJS-016).
Abstract: Software vulnerability mining is an important way to detect whether there are loopholes in software, and also an important way to ensure the security of information systems. With the rapid development of information technology and the software industry, most software has not been rigorously tested before being put into use, so the hidden vulnerabilities in software will be exploited by attackers. Therefore, it is of great significance to actively detect software vulnerabilities in the security maintenance of information systems. In this paper, we first studied some of the commonly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of evaluation criteria for different mining methods in loophole evaluation. Thirdly, we proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods and compare them, so that we can obtain an intuitive comparative analysis of the experimental results. Finally, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testing framework, with the results showing that the final test results will serve as a form of guidance to aid the selection of the most appropriate and effective method or tools in vulnerability detection activity.
Abstract: This paper presents a framework that can be used to formalize the specification-based single-class test generation process. Object-Z is used to describe both the software requirements and the proposed framework. Using this framework, test engineers can automatically get the testing process model during the test generation process. With this model, properties of test cases (such as the relationship between test cases and methods) can easily be captured. Furthermore, with the framework, the test process model can be updated automatically with the test generation process. The properties of test cases can then be updated correspondingly. This will greatly facilitate regression testing. The main contribution of this paper is that it provides an approach to formalizing the testing process by extending an existing framework to class testing, and a way to represent test cases as multi-part, multi-step, multi-level artifacts.
Abstract: Testing is a standard method for verification of software performance. Producing efficient and appropriate test cases is an important aspect of testing. Specification-based testing presents a method to derive test data from the software specification. Because of the precision and concision of the specification, the test data derived from it can test the software efficiently and entirely. This paper demonstrates a test class framework (TCF) on a file reading case study, specified using Z notation. This test class framework defines test case sets, providing structure to the testing process. Flexibility is preserved so that many testing strategies can be used.