CSTS: A Prototype Tool for Testing COM Component Security
The automatic testing tools of component security bring great effect on component-based software engineering, and they can effectively ensure the security of component-based software. A prototype tool named CSTS (component security testing system) is designed and implemented to test the security of the widely-used COTS (Commercial-off-the-Shelf) Microsoft COM (component object model) component. CSTS, a GUI (graphical user interface) software, adopts both static and dynamic testing based on fault injection and dynamic monitoring. Firstly, CSTS analyzes component type information and statically injects parameter faults into interface methods. Secondly, environment faults such as memory fault, file fault and process fault are injected into the tested component when the component is driven. Dynamic monitoring mechanism can monitor the running process of component and analyze the component security exceptions. Some commercial components were tested in the CSTS. The experimental results show that CSTS is effective and operable.
component security component testing fault injection testing tool
Jinfu Chen Yansheng Lu Xiaodong Xie
School of Computer Science and Telecommunication Engineering, JiangSu University Zhenjiang City, Jia College of Computer Sci. & Tech., Huazhong University of Sci. & Tech. Wuhan City, Hubei Province, 43
国际会议
2009 Ninth International Conference on Hybrid Intelligent Systems(第九届混合智能系统国际会议 HIS 2009)
沈阳
英文
1-6
2009-08-12(万方平台首次上网日期,不代表论文的发表时间)