Conference Topic

An Approach of Security Testing for Third-Party Component based on State Mutation

It is essential to study an effective approach to security testing for third-party components. In this paper, in order to effectively trigger implicit vulnerabilities of third-party components, an approach to security testing for third-party components based on state mutation is proposed. To start with, executable method sequences of components are transformed into an EFSM (Extended Finite State Machine). Then, according to the characteristics of condition conflict and behavior conflict, two test case generation algorithms are presented, i.e., the Operations Conflict Sequences Generation Algorithm (OCGA) and the Conditions Conflict Sequences Generation Algorithm (CCGA), which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run while security detecting algorithms are applied to detect implicit vulnerabilities of third-party components, and a testing report of component security is then obtained. In the end, some experiments are conducted based on the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third-party components.

Third-party component; Security testing; Method sequence; Extended finite state machine; State mutation

Domestic conference

The 8th China Conference on Trusted Computing and Information Security

Enshi, Hubei

English

1-18

2014-09-13 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)