Abstract
Security testing is a key technology for software security. Testing results reflect the relationship between software testing and software security, and they can help program designers evaluate and improve software security. However, it is difficult to describe mathematically the relationship between the results of software functional testing and software non-functional security indexes. In this paper, we propose a mathematical model (MSMAM) based on principal component analysis and multi-attribute utility theory. The model derives non-functional security indexes by analyzing the quantized results of functional tests. It can also evaluate software security and guide the effective allocation of testing resources during software testing. The feasibility and effectiveness of MSMAM are verified by experiments.
Foundation item: Supported by the National Natural Science Foundation of China (91018008, 61003268, 61103220, 91118003); the National Natural Science Foundation of Hubei Province (2010cdb08601) and the Fundamental Research Funds for the Central Universities (3101038)
Biography: CAO Hui, male, Ph.D. candidate, research direction: information security.
Cite this article
Cao, H., Zhang, H. & Yan, F. MSMAM: Testing resources allocation, obtaining non-functional indexes based on functional testing results, and evaluating security. Wuhan Univ. J. Nat. Sci. 17, 504–510 (2012). https://doi.org/10.1007/s11859-012-0878-4
Key words
- software testing
- software security
- principal component analysis
- multi-attribute theory
- security evaluation