CN103617114B - Third-party component vulnerability testing method based on condition and parameter mutation - Google Patents


Publication number
CN103617114B
Authority
CN
China
Prior art keywords
test
parameter
mutation
component
value
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310501450.4A
Other languages
Chinese (zh)
Other versions
CN103617114A (en)
Inventor
陈锦富
陈加梅
詹永照
杨鹤标
苏晨飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu University
Original Assignee
Jiangsu University
Application filed by Jiangsu University
Priority to CN201310501450.4A
Publication of CN103617114A
Application granted
Publication of CN103617114B

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a third-party component vulnerability testing method based on condition and parameter mutation, comprising: analyzing the component interface through the type library of the third-party component to obtain the type information of the component; obtaining the security requirement specification of the component from the description and IDL of the component; obtaining the preconditions and postconditions of the methods from the requirement specification and performing condition mutation testing on the method sequence; extracting the parameter value constraints and relation constraints from the requirements and performing parameter specification mutation testing on the method sequence; and obtaining a vulnerability test report from the test results of step 3 and step 4. The invention is effective to a certain degree against explicit security exceptions, can test the security of a component, and improves the efficiency of testing.

Description

Third-party component vulnerability testing method based on condition and parameter mutation
Technical field
The invention belongs to the technical field of third-party component vulnerability testing and relates to a third-party component vulnerability testing method based on condition and parameter mutation.
Background art
With the development of component technology, more and more commercial software vendors buy and use third-party components, including in the development of security-critical software such as medical and banking systems. Research over the past 30 years has concentrated mainly on the functional testing of components, trying to uncover errors made in component development and implementation, but vulnerability testing of components is a problem that cannot be ignored in current component development, especially the vulnerability of third-party components. Because the source code of a third-party component is unavailable and the component is highly independent, white-box testing techniques cannot be applied successfully, which brings difficulties and challenges to the vulnerability testing of third-party components.
Vulnerability testing means detecting all component defects that threaten the security of a computer system, such as violations of security requirements, memory leaks and buffer overflows. Current component vulnerability testing mainly comprises component security test description and security assessment, security testing of component configuration and encapsulation, and the use of formal methods; these studies either provide no testing algorithm or do not validate the method experimentally. Fakhra et al. proposed a security requirement implementation scheme for improving the security testability of components, giving a standardized description in terms of resource allocation, environment configuration, method calls and so on, but did not address how to test the security specification. Bertolino et al. proposed a framework for component integration testing that adds a spy module to the framework of the component under test in order to collect and compare the run-time state and resource allocation of the component; if the relevant running state or environment violates the security requirement description, it can be concluded that a security exception exists. M. Haddox et al. proposed a wrapper testing method that encapsulates the component under test, adding input and output test interfaces for the component in the wrapper and further analyzing and testing the third-party component in combination with the component requirement description. However, the methods of Bertolino and M. Haddox are only preliminary theoretical explorations, and their feasibility has not been effectively verified by experiment.
Summary of the invention
Existing testing methods for third-party components do not take into account information such as the component requirement description and the parameters, which makes testing inaccurate and incomplete. The present invention therefore proposes a third-party component vulnerability testing method based on condition and parameter mutation to solve the above problems.
The invention provides a third-party component vulnerability testing method based on condition and parameter mutation, comprising:
Step 1: analyze the component interface through the type library of the third-party component and obtain the type information of the component;
Step 2: obtain the security requirement specification of the component from the description and IDL of the component;
Step 3: obtain the preconditions and postconditions of the methods from the requirement specification and perform condition mutation testing on the method sequence;
Step 4: extract the parameter value constraints and relation constraints from the requirements and perform parameter specification mutation testing on the method sequence;
Step 5: obtain the vulnerability test report from the test results of step 3 and step 4.
In a first aspect, step 3 above specifically comprises:
Each method in the method sequence is examined in turn. If the method has a precondition, legal test data are generated according to the test case generation algorithm based on constraint equation systems; if the legal test data cause an exception or violate the postcondition, the third-party component has a security vulnerability;
Precondition variants are generated according to the precondition mutation algorithm, and test cases that violate the precondition are generated from the mutated precondition and the test case generation algorithm based on constraint equation systems. If the method runs normally and the result differs from the expected one, the condition checking in the third-party component has a vulnerability, and the test case, the method information and the mutated condition are recorded in the condition mutation test report;
If the method has no precondition, test cases are obtained by boundary value and random testing, and the postcondition is used to judge whether the method is correct; if the postcondition is violated, the test case and the postcondition are recorded in the condition mutation test report.
In a second aspect, step 4 above specifically comprises:
Each method in the method sequence is examined in turn, and the value constraints and relation constraints on the method parameters are obtained from the security requirement specification. If the method has parameters, test cases are generated according to the test case generation algorithm based on parameter constraints.
The test cases are substituted into the method in turn and the method is run;
If the actual result differs from the expected value, the method information, the parameter information and the test case are written to the parameter mutation test report;
The parameter mutation test report is obtained.
In a third aspect, the precondition mutation algorithm above comprises:
The precondition of the method is converted into disjunctive normal form, that is, expressed as the disjunction of several sub-terms, each of which is the conjunction of several relational expressions;
The sub-term mutation method is called on the first sub-term to obtain the set of all variants of the first sub-term;
The sub-term mutation method is called on the second sub-term to obtain the variant set of the second sub-term;
The two variant sets are traversed in turn; if there are variant expressions s and t, one from each set, that contain no mutually exclusive relational expressions, the conjunction of s and t is added to the set T.
In a fourth aspect, the test case generation algorithm based on parameter constraints above specifically comprises: calling the single-parameter mutation value set function on each parameter of the method, which applies all mutation operators relevant to the single parameter (the operators of parameter specification mutation are defined by type) to obtain the mutation value set; if the parameter is of a numeric type, deleting from its value set the mutation values that do not satisfy the value constraint, otherwise deleting the mutation values that satisfy the value constraint; if the number of parameters is one, returning the mutation value set as the final test case set; if the number of parameters is two, performing pairwise combination analysis to generate the test case set; if there are more than three parameters, performing three-way combinatorial coverage to generate the test case set; and removing from the test case sets generated in these two cases the test cases that satisfy the parameter relation constraint, which gives the final test case set.
The beneficial effects of the invention are: 1. Condition mutation uses the proposed test case generation algorithm based on constraint equation systems to generate test cases that satisfy the precondition. A precondition mutation algorithm is proposed that generates several variants of the precondition; test data that violate the precondition are generated in combination with the test case generation algorithm based on constraint equation systems, and vulnerabilities are detected by the condition mutation vulnerability detection algorithm.
2. The parameter mutation method uses the test case generation algorithm based on parameter constraints to apply all relevant operators according to the type of the parameter and generate test data, reduces the test set through combinatorial coverage, selects the test cases that violate the parameter relation constraint, and, in combination with the security vulnerability detection algorithm, tests the security of the component from the parameter perspective.
3. The strategy based on condition and parameter mutation has a complete security requirement description (which not only records the component methods and attributes but also includes method preconditions, postconditions and parameter-related constraints); the security testing framework is defined and described; a condition mutation algorithm and a parameter mutation algorithm are proposed to generate mutated method sequences; a vulnerability detection algorithm is proposed to detect whether the component is secure; experimental results show that the method of the invention is effective to a certain degree against explicit security exceptions, can test the security of a component, and improves the efficiency of testing.
Brief description of the drawings
Fig. 1 is a schematic diagram of the relational operator reference fault operator RRF;
Fig. 2 is a flow chart of the third-party component vulnerability testing method based on condition and parameter mutation of the embodiment of the invention;
Fig. 3 is a schematic diagram of the descriptions and examples of the parameter specification mutation operators of the embodiment of the invention;
Fig. 4a is the component details table of the embodiment of the invention;
Fig. 4b is the experimental results table of the embodiment of the invention;
Fig. 4c is the experimental results comparison table of the embodiment of the invention;
Fig. 5a is the information table for testing with the parameter mutation method of the embodiment of the invention;
Fig. 5b is the results table for testing with the parameter mutation method of the embodiment of the invention;
Fig. 6 is a schematic diagram comparing the experimental results of parameter mutation with the Fuzz testing method and the boundary value method.
Detailed description
The invention is further described below with reference to the drawings and embodiments. It should be noted that the described embodiments are intended only to facilitate understanding of the invention and do not limit it in any way.
The object of the invention is, in view of the explicit exceptions of third-party components, to provide a vulnerability testing method based on mutation of the preconditions, postconditions and parameter specifications of third-party component methods, to detect the explicit exceptions of third-party components effectively, to provide a complete vulnerability testing framework and mutation algorithms, and to carry out sufficient experiments that demonstrate the feasibility and effectiveness of the method.
First, the concepts involved in the embodiment of the invention are defined as follows.
Definition 1 (precondition): a series of constraints that must be satisfied before a method is called;
Definition 2 (postcondition): the condition that should be satisfied after a method call ends; the postcondition is used to judge the correctness of the executed operation after the method has finished running.
The precondition and postcondition of a method can be expressed as Boolean expressions that combine the return value of the method, the outputs of the method, the parameters and environment variables with relational operators, arithmetic operators, Boolean operators and so on;
Definition 3: the condition mutation operator RRF (Relational Operator Reference Fault Operator) changes the relational symbol of a single simple relational expression into the opposite symbols, as shown in Fig. 1.
Definition 4 (value constraint): a parameter of a component method is subject to a numerical constraint; for example, a method parameter index that represents an array index satisfies index >= 0.
Definition 5 (relation constraint between parameters): constraints may also exist between the parameters of a method. Constraint expressions between parameters are used to simulate the Boolean decision expressions in a program that are easily written incorrectly or omitted. For example, in a method that determines the type of a triangle, where a, b and c are the three sides, the check that the method easily misses is the check for a non-triangle; the constraint between the parameters is: a+b>c && a+c>b && b+c>a.
Definition 6 (method sequence): a feasible execution order of component methods. Method sequences can be generated from the transition tree of the component and the basis path testing algorithm, or execution sequences can be extracted with data mining techniques.
Definition 7 (DNF form of a precondition): a method precondition is expressed by several relational expressions and Boolean operators. In Boolean logic, a Boolean formula can be expressed as an equivalent disjunctive normal form (DNF), in which the formula is the disjunction of several units and each unit is the conjunction of several literals. Adopting this definition, the precondition of a method can be expressed in disjunctive normal form: the precondition is the disjunction of several sub-terms, each sub-term is the conjunction of several relational expressions, and each relational expression is regarded as a literal in Boolean logic. Every precondition has the form Exp11 && Exp12 ... && Exp1s || ... || Expm1 && Expm2 ... && Expmt, where Expij is a relational expression.
Definition 8 (constraint equation systems): according to the disjunctive-normal-form precondition described in Definition 5, Exp11 && Exp12 ... && Exp1s || ... || Expm1 && Expm2 ... && Expmt is converted into m constraint equation systems

$$\begin{cases} Exp_{11} \\ Exp_{12} \\ \vdots \\ Exp_{1s} \end{cases} \quad \cdots \quad \begin{cases} Exp_{m1} \\ Exp_{m2} \\ \vdots \\ Exp_{mt} \end{cases}$$

where each equation Expij has the form f(x1, x2, ..., xn) ◇ 0, ◇ is a relational operator and xi are the variables in the relational expression. The form of all constraint equation systems is as follows:
As shown in Fig. 2, the third-party component vulnerability testing method based on condition and parameter mutation of the invention comprises:
Step 201: analyze the component interface through the type library of the third-party component and obtain the type information of the component.
Step 202: obtain the security requirement specification of the component from the description and IDL of the component.
In the embodiment of the invention the security requirement specification is described in XML according to a certain schema; it can be provided by the component developer or by the component user. The security requirement specification can be obtained by comprehensive analysis of information such as the functional description and IDL of the component, and it contains component method information such as the parameter types of a method, the return value type, the method name, the method precondition and postcondition, and the value constraints and relation constraints on the method parameters.
Step 203: obtain the preconditions and postconditions of the methods from the requirement specification and perform condition mutation testing on the method sequence.
In step 203 above, the steps of condition mutation testing are as follows:
Step 2031: each method in the method sequence is examined in turn, and the precondition and postcondition constraints of the method are extracted from the security requirement specification. If the method has a precondition, the precondition constraint equation systems are solved according to the test case generation algorithm based on constraint equation systems to obtain test cases for the parameters, and the test cases are substituted into the method, which is then run. During the run it is determined whether the legal test data cause an exception or violate the postcondition; if so, a security vulnerability exists. The test case has triggered a security exception, and information such as the test case, the exception, the precondition, the postcondition and the method is recorded in the test report. If the method runs normally and satisfies the postcondition, the security test case is deleted.
Specifically, following Definitions 7 and 8 above, the test case generation algorithm based on constraint equation systems solves the constraint equation systems obtained from the precondition, obtains the solution of each constraint equation system, and then merges the groups of solutions to obtain the test cases. The concrete steps are as follows:
Because the backtracking in this algorithm is very time-consuming, repeated backtracking on an equation system that has no solution badly affects the efficiency of the algorithm. The invention designs a criterion for deciding whether a constraint equation system has a solution, which avoids repeated backtracking on systems without a solution and improves the efficiency of the algorithm. The criterion for a constraint equation system having no solution is: move the variables of each equation to the left of the relational operator so that the right side is an operand, convert each equation into an equivalent equation, and check whether there exist several equations whose left sides sum to 0 while their right sides sum to a number not equal to 0; if so, the system has no solution. If the system has a solution, the solving process is as follows. The equations in the system are divided into simple and complex equations: a simple equation contains only one variable, and an equation that contains more than one variable is a complex equation. The initial domain of each variable xi is established from the simple equations that contain it, the initial domain of a variable without a simple equation is (-∞, +∞), and the simple equations are deleted from the system. The variable that occurs most often in the complex equations, or whose domain is narrowest, is selected as the current variable, and a value chosen at random from its domain is assigned to it. The value of the current variable is substituted into the system. If simple equations appear in the system after the assignment, the domains of the variables they contain are re-determined from them; if the intersection of the new domain with the previous domain is empty, the algorithm backtracks. The above process is repeated until all variables have been assigned.
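The solving procedure described above (simple equations fix the domains, the most frequent variable gets a random value, an empty domain triggers backtracking), written out in Python as an added example that is not code from the patent. It assumes integer variables, linear relational expressions and a finite window [-BOUND, BOUND] in place of (-∞, +∞); the tuple encoding and all function names are illustrative.

```python
import random

BOUND = 1000  # assumption: finite window standing in for (-inf, +inf)
FLIP = {"<": ">", "<=": ">=", ">": "<", ">=": "<=", "==": "=="}

def narrow(dom, coef, op, k):
    """Intersect the integer interval dom with coef*x op k; None when empty."""
    lo, hi = dom
    if coef < 0:  # multiply both sides by -1 and flip the operator
        coef, k, op = -coef, -k, FLIP[op]
    floor, ceil = k // coef, -((-k) // coef)
    if op == "<":
        hi = min(hi, ceil - 1)
    elif op == "<=":
        hi = min(hi, floor)
    elif op == ">":
        lo = max(lo, floor + 1)
    elif op == ">=":
        lo = max(lo, ceil)
    elif k % coef:  # "==" with no integer solution
        return None
    else:
        lo, hi = max(lo, floor), min(hi, floor)
    return (lo, hi) if lo <= hi else None

def holds(lhs, op, k):
    return {"<": lhs < k, "<=": lhs <= k, ">": lhs > k,
            ">=": lhs >= k, "==": lhs == k}[op]

def solve(system, variables, rng, domains=None, tries=50):
    """system: list of (coefs, op, k) meaning sum(coefs[v] * v) op k.
    Returns {variable: value}, or None when the search is exhausted."""
    domains = dict(domains) if domains else {v: (-BOUND, BOUND) for v in variables}
    pending = []  # complex equations: more than one variable left
    for coefs, op, k in system:
        live = {v: c for v, c in coefs.items() if c}
        if not live:  # fully substituted: just check it
            if not holds(0, op, k):
                return None
        elif len(live) == 1:  # simple equation: narrow the domain
            (v, c), = live.items()
            dom = narrow(domains[v], c, op, k)
            if dom is None:
                return None  # empty intersection, caller backtracks
            domains[v] = dom
        else:
            pending.append((live, op, k))
    if not pending:
        return {v: rng.randint(*domains[v]) for v in variables}
    count = {}
    for live, _, _ in pending:
        for v in live:
            count[v] = count.get(v, 0) + 1
    # current variable: most occurrences, ties broken by narrowest domain
    cur = max(count, key=lambda v: (count[v], domains[v][0] - domains[v][1]))
    lo, hi = domains[cur]
    for val in rng.sample(range(lo, hi + 1), min(hi - lo + 1, tries)):
        rest = [({v: c for v, c in live.items() if v != cur}, op, k - live[cur] * val)
                for live, op, k in pending]
        found = solve(rest, variables, rng, {**domains, cur: (val, val)}, tries)
        if found is not None:
            return found
    return None  # every candidate value failed

def satisfies(system, values):
    return all(holds(sum(c * values[v] for v, c in coefs.items()), op, k)
               for coefs, op, k in system)

def in_range(var, lo, hi):
    """hi > var > lo as two simple equations."""
    return [({var: 1}, ">", lo), ({var: 1}, "<", hi)]

# Constructed input: JudgeTriangle's precondition plus the triangle relation.
TRIANGLE = (in_range("a", 0, 50) + in_range("b", 0, 50) + in_range("c", 0, 50) + [
    ({"a": 1, "b": 1, "c": -1}, ">", 0),
    ({"a": 1, "b": -1, "c": 1}, ">", 0),
    ({"a": -1, "b": 1, "c": 1}, ">", 0)])

if __name__ == "__main__":
    print(solve(TRIANGLE, ["a", "b", "c"], random.Random(7)))
```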
Step 2032: the precondition mutation algorithm is called, which uses the relational operator reference fault operator RRF to generate precondition variants; test cases that violate the precondition are generated from the mutated precondition and the test case generation algorithm based on constraint equation systems. If the method runs normally and the result differs from the expected one, the test case is effective and a vulnerability is determined to exist; the test case, the method information and the mutated condition are recorded in the condition mutation test report.
The precondition mutation algorithm is introduced below, taking the JudgeTriangle method (whose precondition is 50>a>0 && 50>b>0 && 50>c>0) as an example. In the condition mutation algorithm, the process of mutating the precondition to obtain the variants is as follows:
1) The precondition of the method is converted into disjunctive normal form, that is, expressed as the disjunction of several sub-terms, each of which is the conjunction of several relational expressions. The precondition 50>a>0 && 50>b>0 && 50>c>0 has only one sub-term, namely 50>a>0 && 50>b>0 && 50>c>0 itself.
2) The sub-term mutation method is called on the first sub-term to obtain the set of all variants of the first sub-term.
Sub-term mutation uses the mutation operator RRF to mutate Expi1 && Expij && ... && Expin and obtain the set of all variants of the sub-term. The process is: the operator RRF mutates a relational expression Expij by changing the relational operator in the expression into the opposite symbols; the mutation set is denoted RRF(Expij) (see Fig. 1). Expi1, Expij, ..., Expin are mutated in turn to obtain RRF(Expi1), RRF(Expij), ..., RRF(Expin). Ti1 = {Expi1, RRF(Expi1)}, Tij = {Expij, RRF(Expij)}, Tin = {Expin, RRF(Expin)}; S = {(σ1 && σj && ... && σn) | σ1 ∈ Ti1, σj ∈ Tij, σn ∈ Tin}. S - {Expi1 && Expij && ... && Expin} is then the variant set of the sub-term.
Specifically, taking the precondition with the single sub-term 50>a>0 && 50>b>0 && 50>c>0 as an example: Exp11 = 50>a>0, Exp12 = 50>b>0, Exp13 = 50>c>0. Mutating Exp11, Exp12 and Exp13 with the operator RRF gives RRF(Exp11) = {a>50, a=50, a<0, a=0}, RRF(Exp12) = {b>50, b=50, b<0, b=0}, RRF(Exp13) = {c>50, c=50, c<0, c=0}; T11 = {50>a>0, a>50, a=50, a<0, a=0}, T12 = {50>b>0, b>50, b=50, b<0, b=0}, T13 = {50>c>0, c>50, c=50, c<0, c=0}. Then S = {(σ1 && σj && ... && σn) | σ1 ∈ Ti1, σj ∈ Tij, σn ∈ Tin}, so S has 125 elements; S = S - {50>a>0 && 50>b>0 && 50>c>0}, so the JudgeTriangle precondition has 124 variants.
3) Step 2) is repeated on the second sub-term to obtain the variant set of the second sub-term.
4) The two variant sets are traversed in turn; if there are variant expressions s and t, one from each set, that contain no mutually exclusive relational expressions, the conjunction of s and t is added to the set T.
5) Steps 3) and 4) are repeated on T and the third sub-term, until all sub-terms have been considered.
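Steps 1) to 5) of the precondition mutation algorithm, as an added Python example that is not part of the patent text. It handles range expressions of the form hi>v>lo with the four RRF variants listed above; the interval encoding, the mutual-exclusion test over real intervals and all names are assumptions of this example.

```python
from itertools import product
from math import inf
from typing import NamedTuple

class Atom(NamedTuple):
    """One relational expression on a single variable, stored as an interval."""
    var: str
    lo: float
    hi: float
    lo_open: bool = True
    hi_open: bool = True

    def contains(self, p):
        above = self.lo < p or (self.lo == p and not self.lo_open)
        below = p < self.hi or (self.hi == p and not self.hi_open)
        return above and below

def rng_atom(var, lo, hi):
    """The expression hi > var > lo, e.g. 50>a>0."""
    return Atom(var, lo, hi)

def rrf(atom):
    """RRF variants of hi>v>lo as listed in the text: v>hi, v=hi, v<lo, v=lo."""
    v, lo, hi = atom.var, atom.lo, atom.hi
    return [Atom(v, hi, inf), Atom(v, hi, hi, False, False),
            Atom(v, -inf, lo), Atom(v, lo, lo, False, False)]

def subterm_variants(subterm):
    """S minus the original: one choice from {Exp, RRF(Exp)} per position."""
    choices = [[atom, *rrf(atom)] for atom in subterm]
    return [combo for combo in product(*choices) if combo != tuple(subterm)]

def exclusive(a, b):
    """True when two expressions on the same variable can never both hold."""
    if a.var != b.var:
        return False
    lo, hi = max(a.lo, b.lo), min(a.hi, b.hi)
    if lo != hi:
        return lo > hi
    return not (a.contains(lo) and b.contains(lo))

def merge(variants_s, variants_t):
    """Step 4: conjoin s and t unless they contain mutually exclusive expressions."""
    return [s + t for s in variants_s for t in variants_t
            if not any(exclusive(x, y) for x in s for y in t)]

def precondition_variants(dnf):
    """dnf is a list of sub-terms, each a list of Atom (steps 1 to 5)."""
    variants = subterm_variants(dnf[0])
    for subterm in dnf[1:]:
        variants = merge(variants, subterm_variants(subterm))
    return variants

def show(atom):
    if atom.lo == atom.hi:
        return f"{atom.var}={atom.lo}"
    if atom.hi == inf:
        return f"{atom.var}>{atom.lo}"
    if atom.lo == -inf:
        return f"{atom.var}<{atom.hi}"
    return f"{atom.hi}>{atom.var}>{atom.lo}"

# The JudgeTriangle precondition from the text: a single sub-term.
JUDGE_TRIANGLE = [[rng_atom("a", 0, 50), rng_atom("b", 0, 50), rng_atom("c", 0, 50)]]

if __name__ == "__main__":
    variants = precondition_variants(JUDGE_TRIANGLE)
    print(len(variants), "variants, first three:")
    for variant in variants[:3]:
        print("  " + " && ".join(show(x) for x in variant))
```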
Step 2033: if the method has no precondition, test cases are obtained by boundary value and fuzz testing, and the postcondition is used to judge whether the method is correct; if the postcondition is violated, the test case and the postcondition are recorded in the condition mutation test report.
Step 204: extract the parameter value constraints and relation constraints from the requirements and perform parameter specification mutation testing on the method sequence.
The steps of parameter mutation above are as follows:
1) Each method in the method sequence is examined in turn, and the value constraints and relation constraints on the method parameters are obtained from the security requirement specification. If the method has parameters, test cases are generated according to the test case generation algorithm based on parameter constraints.
The test case generation algorithm based on parameter constraints is as follows: the single-parameter mutation value set function is called on each parameter of the method and applies all mutation operators relevant to the single parameter; the operators of parameter specification mutation are defined for eight types (integer, character, floating point, Boolean, string, pointer, array and structure; see Fig. 3 for details), and the mutation value set is obtained. If the parameter is of a numeric type, the mutation values that do not satisfy the value constraint are deleted from its value set; otherwise the mutation values that satisfy the value constraint are deleted. If the number of parameters is one, the mutation value set is returned as the final test case set. If the number of parameters is two, pairwise combination analysis is performed to generate the test case set. If there are more than three parameters, three-way combinatorial coverage is performed to generate the test case set. The test cases that satisfy the parameter relation constraint are removed from the test case sets generated in these two cases, which gives the final test case set.
The single-parameter mutation value set function above specifically comprises:
If the parameter is of integer type, all relevant operators are applied, for example the IPO, PFB and IIV operators: set parameter to null, insert parameter operator, parameter flip, and integer irregular value.
If the parameter is of character type, the PSN, IPO, PFB and CIV operators are applied: set parameter to null, insert operator, parameter flip, and character irregular value;
If the parameter is of floating-point type, the PSN and FIV operators are applied: set parameter to null and floating-point irregular value;
If the parameter is of Boolean type, the PSN and BIV operators are applied: set parameter to null and Boolean irregular value;
If the parameter is of string type, the PSN, RSV, LSV, FSV, DSV, USV, CSV, SSI and CSS operators are applied: set parameter to null, random irregular string value, over-long string value, format string value, directory traversal string value, URL and file path string value, system command string value, SQL injection string, and cross-site scripting;
If the parameter is of pointer type, the PSN and PIV operators are applied: set parameter to null and pointer irregular value;
If the parameter is of array type, the AIV and PSN operators are applied: set parameter to null and array irregular value;
If the parameter is of structure type, the PSN and SIV operators are applied: set parameter to null and structure irregular value.
2) The test cases are substituted into the method in turn and the method is run;
3) If the actual result differs from the expected value, the method information, the parameter information and the test case are added to the parameter mutation test report;
4) The parameter mutation test report is obtained.
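An added Python example (not the patent's code) of the parameter-constraint test case generation and the result comparison in steps 1) to 3), run against a constructed JudgeTriangle in which one check is omitted. The integer mutation values, the greedy covering routine, the treatment of exactly three parameters as three-way coverage and the use of 0<v<50 as the value constraint are assumptions, since Fig. 3 is not reproduced on this page.

```python
from itertools import combinations, product

# Constructed mutation values for an integer parameter (assumption: the text
# names the integer operators, but Fig. 3 with their definitions is not shown).
INT_MUTATIONS = [-1, 0, 1, 2, 25, 49, 50, 51, 2**31 - 1]

def single_param_values(candidates, value_constraint, numeric=True):
    """Numeric parameters keep the values that satisfy the value constraint;
    parameters of other types keep the values that violate it."""
    return [v for v in candidates if bool(value_constraint(v)) == numeric]

def t_way_cover(domains, t):
    """Greedy cover: every value combination of any t parameters occurs in a case."""
    groups = list(combinations(range(len(domains)), t))

    def project(case):
        return {(g, tuple(case[i] for i in g)) for g in groups}

    pool = list(product(*domains))
    uncovered = set().union(*(project(c) for c in pool))
    cases = []
    while uncovered:
        best = max(pool, key=lambda c: len(project(c) & uncovered))
        cases.append(best)
        uncovered -= project(best)
    return cases

def generate_cases(domains, relation):
    """One parameter: its values; two: pairwise; three or more: three-way.
    Cases that satisfy the relation constraint are then removed."""
    cases = t_way_cover(domains, min(len(domains), 3))
    return [c for c in cases if not relation(*c)]

def run_cases(method, cases, expected):
    """Report entries: (case, actual result) wherever actual != expected."""
    return [(c, method(*c)) for c in cases if method(*c) != expected(*c)]

def is_triangle(a, b, c):
    """Relation constraint from Definition 5."""
    return a + b > c and a + c > b and b + c > a

def judge_triangle_expected(a, b, c):
    return "triangle" if is_triangle(a, b, c) else "not a triangle"

def judge_triangle_faulty(a, b, c):
    """Constructed component under test: the b+c>a check is missing."""
    return "triangle" if a + b > c and a + c > b else "not a triangle"

def triangle_cases():
    values = single_param_values(INT_MUTATIONS, lambda v: 0 < v < 50)
    return generate_cases([values] * 3, is_triangle)

if __name__ == "__main__":
    cases = triangle_cases()
    report = run_cases(judge_triangle_faulty, cases, judge_triangle_expected)
    print(len(cases), "cases,", len(report), "deviations, first:", report[0])
```

Every generated case lies inside the value range but breaks the triangle relation, so any case the component accepts as a triangle points at the omitted check.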
Step 205: obtain the vulnerability test report.
To verify the feasibility of the condition mutation method, two components, TestCondiDll1.dll and TestCondiDll2.dll, were tested. Table 7-1 in Fig. 4a describes the details of the two components, including the number of component methods, the number of lines of code and the number of injected errors. Table 7-2 in Fig. 4b gives the results of condition mutation testing on TestCondiDll1.dll; the results show that the condition mutation method is feasible for detecting explicit exceptions. Table 7-3 in Fig. 4c compares the condition mutation method with decision coverage, condition coverage and condition combination coverage in two respects: the number of test cases produced and the number of errors found. The experimental results show that the test cases generated by the other three methods are subsets of those of condition mutation and that the number of errors they can detect is uncertain, so they do not necessarily detect all errors. Condition mutation produces all possible test cases and therefore uses the most test cases, but it can detect all errors caused by the RRF operator. Condition combination can also detect RRF errors, but the test cases of condition mutation are more efficient than those of condition combination.
Parameter mutation aims to generate data that easily trigger security exceptions. Table 8-1 in Fig. 5a shows the number of methods contained in the component under test, TestParam.dll, its number of lines of code and the number of injected errors. Table 8-2 in Fig. 5b shows the test results of the parameter specification mutation method; the detection rate shows that the parameter specification mutation method is effective for detecting the explicit exceptions of third-party components. In addition, this embodiment compares the parameter specification mutation method with the random method Fuzz and the boundary value method. The Fuzz testing method chooses test data at random as test case values; the boundary value method chooses, according to the value range of the parameter, data such as the maximum, the maximum +/-1, the minimum and the minimum +/-1. Fig. 6 shows the comparison of the parameter specification mutation testing method with the Fuzz and boundary value methods: the more test cases are used, the more effective test cases are generated; the detection rate of the boundary value method is the lowest, the test case effectiveness of the random method is in the middle, and the detection rate of the parameter mutation method is the highest; as the number of test cases increases, the superiority of the parameter mutation method becomes more evident.

Claims (3)

1. A third-party component vulnerability testing method based on condition and parameter mutation, comprising:
Step 1: analyze the component interface through the type library of the third-party component to obtain the type information of the component;
Step 2: obtain the security requirement specification of the component from the description of the component and the IDL;
Step 3: obtain the preconditions and postconditions of the methods from the requirement specification, and carry out condition mutation testing on the method sequence;
Step 4: extract the parameter value constraints and relation constraints from the requirements, and carry out parameter specification mutation testing on the method sequence;
Step 5: obtain the vulnerability test report from the test results of step 3 and step 4; characterized in that
said step 3 specifically comprises:
Examine each method in the method sequence in turn. If a method has a precondition, generate legal test data according to the test case generation algorithm based on constraint equations; if the legal test data causes an exception or violates the postcondition, the third-party component has a security vulnerability;
According to the precondition mutation algorithm, generate precondition mutants, and from the mutated precondition and the test case generation algorithm based on constraint equations, generate test cases that violate the precondition. If the method runs normally and the result differs from the expected one, the condition checking in the third-party component has a vulnerability, and the test case, the method information and the mutated condition are recorded in the condition mutation test report. Said precondition mutation algorithm comprises:
Convert the precondition of the method into disjunctive normal form, that is, express it as the disjunction of several sub-terms, each sub-term being the conjunction of several relational expressions;
Call the sub-term mutation method on the first sub-term to obtain the set of all mutants of the first sub-term;
Call the sub-term mutation method on the second sub-term to obtain the set of mutants of the second sub-term;
Traverse the two mutant sets in turn; if there exist mutant expressions s and t, one in each set, such that s and t contain no mutually exclusive relational expressions, then conjoin s and t and add the result to the set T;
If the method has no precondition, obtain test cases with the boundary value and random testing methods, and use the postcondition to judge whether the method behaves correctly; if the postcondition is violated, record the test case and the postcondition in the condition mutation test report.
2. The method as claimed in claim 1, characterized in that said step 4 specifically comprises:
Examine each method in the method sequence in turn, and obtain from the security requirement specification the value constraints and relation constraints related to the method's parameters; if the method has parameters, generate test cases according to the test case generation algorithm based on parameter constraints;
Feed the test cases into the method one by one and run the method;
If the actual result differs from the expected value, write the method information, the parameter information and the test case into the parameter mutation test report;
Obtain the parameter mutation test report.
3. The method as claimed in claim 2, characterized in that said test case generation algorithm based on parameter constraints specifically comprises: for each parameter of the method, call the single-parameter mutation value set function, which applies all mutation operators relevant to that single parameter (the operators of parameter specification mutation are defined according to type) to obtain the mutation value set; if the parameter is a value type, delete from its value set the mutation values that do not satisfy the value constraint, otherwise delete the mutation values that satisfy the value constraint; if the number of parameters is one, return the mutation value set as the final test case set; if the number of parameters is two, carry out pairwise combination analysis to generate the test case set; if there are more than three parameters, carry out three-factor combinatorial coverage to generate the test case set; from the test case set generated in the above three cases, exclude the test cases that satisfy the parameter relation constraints, which yields the final test case set.
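The precondition mutation algorithm of claim 1, sketched as an added example that is not code from the patent. It assumes integer-valued relational expressions, a precondition with exactly two sub-terms, and a sub-term mutation that negates one relational expression at a time (the claim does not define the sub-term mutation); the precondition `PRE` and all function names are constructed for illustration.

```python
from itertools import product
import operator

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
NEGATE = {"<": ">=", "<=": ">", ">": "<=", ">=": "<", "==": "!=", "!=": "=="}
# Constructed precondition in DNF: (x > 0 AND x < 10) OR (x >= 10 AND y == 0)
PRE = ((("x", ">", 0), ("x", "<", 10)),
       (("x", ">=", 10), ("y", "==", 0)))

def holds(atom, env):
    var, op, const = atom
    return OPS[op](env[var], const)

def subterm_mutants(term):
    """Assumed sub-term mutation: negate exactly one relational expression."""
    return [term[:i] + ((v, NEGATE[op], c),) + term[i + 1:]
            for i, (v, op, c) in enumerate(term)]

def mutually_exclusive(a, b):
    """True if two integer relations on the same variable can never both hold."""
    if a[0] != b[0]:
        return False
    candidates = {c + d for c in (a[2], b[2]) for d in (-1, 0, 1)}
    return not any(holds(a, {a[0]: v}) and holds(b, {a[0]: v}) for v in candidates)

def precondition_mutants(dnf):
    """Build set T: s AND t for every compatible pair of sub-term mutants."""
    first, second = (subterm_mutants(t) for t in dnf)
    T = []
    for s, t in product(first, second):
        if not any(mutually_exclusive(a, b) for a in s for b in t):
            T.append(tuple(dict.fromkeys(s + t)))  # conjunction, duplicates dropped
    return T

def satisfies(dnf, env):
    """Evaluate the original precondition on a concrete input."""
    return any(all(holds(a, env) for a in term) for term in dnf)

def witness(term, variables, domain=range(-2, 13)):
    """Brute-force a concrete test input for one mutant over a small domain."""
    for values in product(domain, repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(holds(a, env) for a in term):
            return env
    return None
```

Because each mutant of a sub-term falsifies that sub-term, every conjunction kept in T falsifies both sub-terms, so any input drawn from T violates the whole precondition; the mutual-exclusion filter only discards pairs that no input could satisfy.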

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310501450.4A CN103617114B (en) 2013-10-23 2013-10-23 Based on third party's component vulnerability test method of condition and parameter variation

Publications (2)

Publication Number Publication Date
CN103617114A CN103617114A (en) 2014-03-05
CN103617114B CN103617114B (en) 2016-03-02

Family

ID=50167817

Country Status (1)

Country Link
CN (1) CN103617114B (en)

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant