CN105335291A - Software security test case design method - Google Patents

Info

Publication number: CN105335291A
Authority: CN (China)
Prior art keywords: software, security, test, fault, case
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510770161.3A
Other languages: Chinese (zh)
Inventor: 赵霞
Current Assignee: Inspur Electronic Information Industry Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Inspur Electronic Information Industry Co Ltd
Application filed by Inspur Electronic Information Industry Co Ltd
Landscapes: Debugging And Monitoring (AREA)

Abstract

The invention discloses a software security test case design method and belongs to the field of software testing. In this method, security analysis and assessment is performed on the software and corresponding software security requirements are formulated. Following the idea of minimal partitioning of an FTA fault tree, and using forward and reverse fault analysis, the faults that may exist are combined with the software operations that may cause them, generating preliminary test cases. The basic methods for writing software system test cases are then used to reduce redundancy among the cases, improving the scientific rigor and grounding of security test case design.

Description

A software security test case design method
Technical field
The present invention discloses a software security test case design method and belongs to the field of software testing.
Background
Software security testing checks whether the security measures already present in software are effective, and is an important means of ensuring system security. It can be divided into two aspects: security functional testing and security vulnerability testing. For security functional testing, the security function requirements of the software are defined during the requirements analysis stage, specifying the security functions of the software, and the acceptance stage tests whether the corresponding functions have been implemented. Security vulnerabilities are defects in a software system that can be exploited by malicious code or external attacks; current code inspection tools are aimed at this type of testing. At present, international organizations have made important achievements in technical research and application and in the formulation and promotion of standards, a series of standards and guidelines on software security has been formulated, and tools for software security vulnerability testing have gradually matured. However, software security testing is scattered piecemeal through system testing, and most software testing practitioners do not know which test cases are security test cases. As software disasters occurred, testers began to introduce software security scanning tools such as Findbugs and AppScan, but these tools test for software security vulnerabilities and ignore software security functional testing.
The invention provides a software security test case design method. Security analysis and assessment is performed on the software and corresponding software security requirements are formulated. Following the idea of minimal partitioning of an FTA fault tree, and using forward and reverse fault analysis, the faults that may exist are combined with the software operations that may cause them, generating preliminary test cases. The basic methods for writing software system test cases are then used to reduce redundancy among the cases, improving the scientific rigor and grounding of security test case design.
Summary of the invention
In the prior art, software security testing receives insufficient attention; testing carried out with software security scanning tools mainly targets security vulnerabilities and ignores security functional testing; and security functional tests are scattered piecemeal among the software system test cases, lacking a systematic and scientific basis. To address these problems, the present invention provides a software security test case design method that improves the scientific rigor and grounding of security test case design.
The specific scheme proposed by the present invention is:
A software security test case design method:
Based on the software requirements, perform security analysis and assessment on the software and propose security requirements;
Assign the software security requirements to the functional modules of the software; within each module, take the fault that is least desired to occur as the top event of the fault analysis, and decompose this fault forward, layer by layer, down to minimal faults, building the module's FTA fault tree;
Starting from the software design, enumerate all software operations that may cause each minimal fault;
Write the test cases in combination with software functional testing, screening the enumerated software operations to reduce redundancy among the test cases.
The test cases are written using equivalence class partitioning, boundary value analysis or cause-effect graphs, in combination with software functional testing.
When several software operations cause one minimal fault, or one operation causes several minimal faults, a first draft of the test cases is written in combination with software functional testing, and the cases are then written further using equivalence class partitioning, boundary value analysis or cause-effect graphs in combination with software functional testing.
The security requirements mainly comprise the privacy and integrity of data, access control, permission control, and security management.
The benefits of the present invention are:
Based on the software requirements, the invention performs security analysis and assessment on the software and proposes security requirements; assigns the software security requirements to the functional modules of the software, takes the fault least desired to occur in each module as the top event of the fault analysis, and decomposes this fault forward, layer by layer, down to minimal faults, building the module fault tree; starting from the software design, enumerates all software operations that may cause each minimal fault; and writes the test cases in combination with software functional testing, screening the enumerated software operations to reduce redundancy among the test cases. This improves the scientific rigor and grounding of security test case design.
Description of the drawings
Fig. 1 is a schematic flowchart of the method of the invention.
Embodiment
A software security test case design method:
Based on the software requirements, perform security analysis and assessment on the software and propose security requirements;
Assign the software security requirements to the functional modules of the software; within each module, take the fault that is least desired to occur as the top event of the fault analysis, and decompose this fault forward, layer by layer, down to minimal faults, building the module fault tree;
Starting from the software design, enumerate all software operations that may cause each minimal fault;
Write the test cases in combination with software functional testing, screening the enumerated software operations to reduce redundancy among the test cases.
Based on the above method and the summary of the invention, the invention is further described below with reference to the accompanying drawing.
A software security test case design method:
Based on the software requirements, perform security analysis and assessment on the software and propose security requirements. At the start of software testing, the project review board can perform security analysis and assessment on the requirements of the software and propose the corresponding software security requirements;
The security requirements mainly comprise the privacy and integrity of data, access control, permission control, security management, and so on;
Assign the software security requirements to the functional modules of the software; within each module, take the fault that is least desired to occur as the top event of the fault analysis, and decompose this fault forward, layer by layer, down to minimal faults, building the module fault tree;
The software testers can determine the FTA top event module by module, according to the software security requirements and the software design, for example a data integrity violation. Using forward analysis, this fault is decomposed, for example into corruption of user data and corruption of virtual machine usage history data. This layer of faults is then decomposed again, for example decomposing the user data integrity violation into corruption on create, corruption on modify and corruption on delete. Faults at this layer cannot be decomposed further and are therefore regarded as minimal faults;
Starting from the software design, enumerate all software operations that may cause each minimal fault;
For example, a software operation that may cause the corruption on create described above is an erroneous input value, including but not limited to empty input, garbled characters, overly long strings, and so on. We thus use reverse fault analysis to map the operations of the program to the faults;
In practice, several software operations may cause one minimal fault, or one operation may cause several minimal faults. A first draft of the software security test cases can therefore be formed first, and the cases then written using equivalence class partitioning, boundary value analysis or cause-effect graphs in combination with software functional testing, screening the enumerated software operations to reduce redundancy among the test cases.
In summary, the invention performs security analysis and assessment on the software and formulates corresponding software security requirements. Following the idea of minimal partitioning of an FTA fault tree, and using forward and reverse fault analysis, the faults that may exist are combined with the software operations that may cause them, generating preliminary test cases. The basic methods for writing software system test cases are then used to reduce redundancy among the cases, improving the scientific rigor and grounding of security test case design.
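The embodiment's procedure, worked through in Python as an added example (it is not code from the patent): the fault tree is the data-integrity tree described above, forward analysis collects its minimal faults, reverse analysis pairs each with triggering inputs, and equivalence class partitioning reduces the draft. The function names, the class names, the 64-character field limit, the sample inputs and the mapping for the modify fault are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Fault:
    name: str
    children: list = field(default_factory=list)

def minimal_faults(node):
    """Forward analysis: return the leaves (faults that decompose no further)."""
    if not node.children:
        return [node.name]
    return [leaf for c in node.children for leaf in minimal_faults(c)]

def classify(value, max_len):
    """Equivalence class of one input value for a text field."""
    if value == "":
        return "empty"
    if len(value) > max_len:
        return "too_long"
    if "\ufffd" in value or not value.isprintable():
        return "garbled"
    return "valid"

def draft_cases(tree, ops):
    """Reverse analysis: pair every minimal fault with each operation mapped to it."""
    return [(leaf, v) for leaf in minimal_faults(tree) for v in ops.get(leaf, [])]

def reduce_cases(draft, max_len):
    """Keep one representative input per (minimal fault, equivalence class)."""
    kept = {}
    for leaf, value in draft:
        kept.setdefault((leaf, classify(value, max_len)), value)
    return kept

def unmapped(tree, ops):
    """Minimal faults with no triggering operation yet: gaps in the analysis."""
    return [leaf for leaf in minimal_faults(tree) if not ops.get(leaf)]

# Fault tree from the embodiment (top event: data integrity violation).
TREE = Fault("data integrity violated", [
    Fault("user data corrupted", [
        Fault("corrupted on create"),
        Fault("corrupted on modify"),
        Fault("corrupted on delete")]),
    Fault("VM usage history corrupted")])

# Constructed sample inputs; MAX_LEN = 64 is an assumed field limit.
MAX_LEN = 64
BAD_INPUTS = ["", "A" * 65, "A" * 300, "A" * 5000, "\x00\x01", "na\ufffdme"]
OPS = {"corrupted on create": BAD_INPUTS,   # input classes named in the embodiment
       "corrupted on modify": BAD_INPUTS}   # assumed: same operation, second fault

if __name__ == "__main__":
    draft = draft_cases(TREE, OPS)
    final = reduce_cases(draft, MAX_LEN)
    print(len(draft), "draft cases ->", len(final), "after partitioning")
    for (leaf, cls), value in final.items():
        print(f"{leaf:22} {cls:9} {value[:12]!r}")
    print("no operation mapped:", unmapped(TREE, OPS))
```

Listing the overlong inputs shortest first makes the kept representative the boundary value just above the limit, and the `unmapped` list shows which minimal faults still need a triggering operation before the suite covers the tree.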

Claims (4)

1. A software security test case design method, characterized in that:
Based on the software requirements, security analysis and assessment is performed on the software and security requirements are proposed;
The software security requirements are assigned to the functional modules of the software; within each module, the fault that is least desired to occur is taken as the top event of the fault analysis, and this fault is decomposed forward, layer by layer, down to minimal faults, building the module's FTA fault tree;
Starting from the software design, all software operations that may cause each minimal fault are enumerated;
The test cases are written in combination with software functional testing, screening the enumerated software operations to reduce redundancy among the test cases.
2. The software security test case design method according to claim 1, characterized in that the test cases are written using equivalence class partitioning, boundary value analysis or cause-effect graphs, in combination with software functional testing.
3. The software security test case design method according to claim 2, characterized in that when several software operations cause one minimal fault, or one operation causes several minimal faults, a first draft of the test cases is written in combination with software functional testing, and the cases are then written further using equivalence class partitioning, boundary value analysis or cause-effect graphs in combination with software functional testing.
4. The software security test case design method according to any one of claims 1-3, characterized in that the security requirements mainly comprise the privacy and integrity of data, access control, permission control, and security management.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510770161.3A CN105335291A (en) 2015-11-12 2015-11-12 Software security test case design method

Publications (1)

Publication Number Publication Date
CN105335291A (en) 2016-02-17

Family

ID=55285844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510770161.3A Pending CN105335291A (en) 2015-11-12 2015-11-12 Software security test case design method

Country Status (1)

Country Link
CN (1) CN105335291A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553328A (en) * 2003-06-08 2004-12-08 华为技术有限公司 Fault tree analysis based system fault positioning method and device
WO2012104488A1 (en) * 2011-02-02 2012-08-09 Teknologian Tutkimuskeskus Vtt Arrangement and method for model-based testing
CN103383722A (en) * 2013-05-30 2013-11-06 北京航空航天大学 Software safety proof development method combining product and process

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘文红等: "基于SFTA和等价类的软件测试用例设计方法研究与应用", 《现代电子技术》 *
施寅生等: "软件安全性测试方法研究", 《微计算机信息》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109324973A (en) * 2018-09-30 2019-02-12 中电科(德阳广汉)特种飞机系统工程有限公司 A kind of method for testing software, device, equipment and computer readable storage medium
CN109977017A (en) * 2019-03-28 2019-07-05 北京粉笔蓝天科技有限公司 A kind of system performance testing case screening method and system
CN113282498A (en) * 2021-05-31 2021-08-20 平安国际智慧城市科技股份有限公司 Test case generation method, device, equipment and storage medium
CN113282498B (en) * 2021-05-31 2024-04-05 深圳赛安特技术服务有限公司 Method, device, equipment and storage medium for generating test cases

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160217