A fault injection model-oriented testing strategy for component security

Journal of Central South University of Technology

Abstract

A fault injection model-oriented testing strategy was proposed for detecting component vulnerabilities. A fault injection model was defined, and faults were injected into the component under test according to this model in order to trigger security exceptions. The strategy's monitoring mechanism recorded the testing process and wrote the monitoring information to a security log. A detection algorithm then analyzed the security log to detect component vulnerabilities. Finally, experiments were carried out on an integration testing platform to verify the applicability of the strategy. The experimental results show that the strategy is effective and operable: the detection rate is more than 90% for vulnerable components.

Author information

Corresponding author

Correspondence to Jin-fu Chen (陈锦富).

Additional information

Foundation item: Project(513150601) supported by the National Pre-Research Project Foundation of China

About this article

Cite this article

Chen, Jf., Lu, Ys., Zhang, W. et al. A fault injection model-oriented testing strategy for component security. J. Cent. South Univ. Technol. 16, 258–264 (2009). https://doi.org/10.1007/s11771-009-0044-0

  • DOI: https://doi.org/10.1007/s11771-009-0044-0
