MSMAM: Testing resources allocation, obtaining non-functional indexes based on functional testing results, and evaluating security

Wuhan University Journal of Natural Sciences

Abstract

Security testing is a key technology for software security. The testing results can reflect the relationship between software testing and software security, and they can help program designers evaluate and improve software security. However, it is difficult to describe mathematically the relationship between the results of software functional testing and software nonfunctional security indexes. In this paper, we propose a mathematical model (MSMAM) based on principal component analysis and multiattribute utility theory. This model can obtain nonfunctional security indexes by analyzing quantized results of functional tests. It can also evaluate software security and guide the effective allocation of testing resources in the process of software testing. The feasibility and effectiveness of MSMAM are verified by experiments.

Author information

Corresponding author

Correspondence to Huanguo Zhang.

Additional information

Foundation item: Supported by the National Natural Science Foundation of China (91018008, 61003268, 61103220, 91118003); the National Natural Science Foundation of Hubei Province (2010cdb08601); and the Fundamental Research Funds for the Central Universities (3101038).

Biography: CAO Hui, male, Ph.D. candidate, research direction: information security.

About this article

Cite this article

Cao, H., Zhang, H. & Yan, F. MSMAM: Testing resources allocation, obtaining non-functional indexes based on functional testing results, and evaluating security. Wuhan Univ. J. Nat. Sci. 17, 504–510 (2012). https://doi.org/10.1007/s11859-012-0878-4

  • DOI: https://doi.org/10.1007/s11859-012-0878-4
