CN103617114A - Third-party component vulnerability test method based on conditions and parameter variations - Google Patents

Info

Publication number: CN103617114A
Authority: CN (China)
Prior art keywords: test, parameter, variation, value, precondition
Legal status: Granted
Application number: CN201310501450.4A
Other languages: Chinese (zh)
Other versions: CN103617114B (en)
Inventors: 陈锦富, 陈加梅, 詹永照, 杨鹤标, 苏晨飞
Current Assignee: Jiangsu University
Original Assignee: Jiangsu University
Application filed by Jiangsu University

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a third-party component vulnerability test method based on condition and parameter mutation. The method comprises: analyzing the component interface through the third-party component's type library to obtain the component's type information; obtaining the component's security requirement specification from the component's description and IDL; obtaining the preconditions and postconditions of the methods from the requirement specification and performing a condition mutation test on the method sequence; extracting parameter value constraints and relation constraints from the requirements and performing a parameter specification mutation test on the method sequence; and obtaining a vulnerability test report from the test results of step 3 and step 4. The method is effective to a certain degree against explicit security exceptions, can test the security of a component, and improves test efficiency.

Description

Third-party component vulnerability test method based on condition and parameter mutation
Technical field
The invention belongs to the technical field of third-party component vulnerability testing and relates to a third-party component vulnerability test method based on condition and parameter mutation.
Background
With the development of component technology, more and more commercial software vendors purchase and use third-party components, including in the development of safety-critical software for fields such as medicine and banking. Research over the past 30 years has concentrated mainly on functional testing of components, trying to uncover errors in component development and implementation, while vulnerability testing of components, and of third-party components in particular, is a problem that cannot be ignored in current component development. Because the source code of a third-party component is unavailable and the component is highly independent, white-box testing techniques cannot be applied successfully, which makes vulnerability testing of third-party components difficult and challenging.
Vulnerability testing means detecting all component defects that threaten the security of a computer system, such as violations of security requirements, memory leaks and buffer overflows. Current work on component vulnerability testing mainly covers component security test description and security assessment, component configuration and wrapping security tests, and the use of formal methods; these studies either give no test algorithm or do not validate the method experimentally. Fakhra et al. proposed a way of implementing security requirements that improves the security testability of components, giving a standardized description in terms of resource allocation, environment configuration and method calls, but did not address how to test the security specification. Bertolino et al. proposed a framework for component integration testing that adds a spy module to the component under test within the framework, used to collect and compare state and resource allocation at run time; if the relevant running state or environment violates the security requirement specification, a security exception can be concluded. M. Haddox et al. proposed a wrapper-based test method in which the component under test is wrapped, input and output test interfaces are added in the wrapper, and the third-party component is further analyzed and tested in combination with the component requirement specification. However, the methods of Bertolino and M. Haddox were only explored in theory, and their feasibility has not been validated by effective experiments.
Summary of the invention
Prior-art test methods for third-party components do not take into account information such as the component requirement specification and the parameters, which has always made the tests inaccurate and incomplete. The present invention therefore proposes a third-party component vulnerability test method based on condition and parameter mutation, which solves the above problems.
The invention provides a third-party component vulnerability test method based on condition and parameter mutation, comprising:
Step 1: analyze the component interface through the type library of the third-party component to obtain the component's type information;
Step 2: obtain the component's security requirement specification from the component's description and IDL;
Step 3: obtain the preconditions and postconditions of the methods from the requirement specification and perform a condition mutation test on the method sequence;
Step 4: extract the parameter value constraints and relation constraints from the requirements and perform a parameter specification mutation test on the method sequence;
Step 5: obtain the vulnerability test report from the test results of step 3 and step 4.
In a first aspect, step 3 specifically comprises:
Checking each method in the method sequence in turn. If the method has a precondition, legal test data are generated by the test case generation algorithm based on constraint equation systems; if the legal test data cause an exception or violate the postcondition, the third-party component has a security vulnerability;
Generating precondition variants by the precondition mutation algorithm and, from the mutated preconditions and the test case generation algorithm based on constraint equation systems, generating test cases that violate the precondition. If the method runs normally and the result differs from the expected one, the condition check in the third-party component is flawed, and the test case, the method information and the mutated condition are recorded in the condition mutation test report;
If the method has no precondition, test cases are obtained by boundary-value and random testing, and the postcondition is used to judge whether the method behaves correctly; if the postcondition is violated, the test case and the postcondition are recorded in the condition mutation test report.
In a second aspect, step 4 specifically comprises:
Checking each method in the method sequence in turn and obtaining from the security requirement specification the value constraints and relation constraints on the method's parameters; if the method has parameters, test cases are generated by the test case generation algorithm based on parameter constraints;
Passing the test cases to the method one by one and running the method;
If the actual result differs from the expected value, writing the method information, the parameter information and the test case to the parameter mutation test report;
Obtaining the parameter mutation test report.
In a third aspect, the precondition mutation algorithm comprises:
Converting the method's precondition into disjunctive normal form, expressed as a disjunction of several subitems, each subitem being a conjunction of several relational expressions;
Calling the subitem mutation method on the first subitem to obtain the set of all variants of the first subitem;
Calling the subitem mutation method on the second subitem to obtain the variant set of the second subitem;
Traversing the two variant sets in turn; for variants s and t taken from the two sets respectively, if s and t contain no mutually exclusive relational expressions, s and t are conjoined and the result is added to the set T.
In a fourth aspect, the test case generation algorithm based on parameter constraints specifically comprises: calling the single-parameter mutation value set function on each parameter of the method, which applies all mutation operators relevant to a single parameter (the parameter specification mutation operators are defined by type) and yields the mutation value set; if the parameter is a value type, deleting from its value set the mutation values that do not satisfy the value constraint, and otherwise deleting the mutation values that satisfy the value constraint; if there is one parameter, returning the mutation value set as the final test case set; if there are two parameters, generating the test case set by pairwise combination analysis; if there are more than three parameters, generating the test case set by three-factor combination coverage; and removing from the test case sets generated in these two cases the test cases that satisfy the parameter relation constraints, to obtain the final test case set.
The beneficial effects of the invention are: 1. Condition mutation uses the proposed test case generation algorithm based on constraint equation systems to generate test cases that satisfy the precondition, and proposes a precondition mutation algorithm that generates several variants of the precondition; combined with the test case generation algorithm based on constraint equation systems, it generates test data that violate the precondition, and vulnerabilities are detected by the condition mutation vulnerability detection algorithm.
2. The parameter mutation method uses the test case generation algorithm based on parameter constraints to generate test data by applying all operators relevant to the parameter's type, reduces the test set through combination coverage, selects the test cases that violate the parameter relation constraints, and, together with the security vulnerability detection algorithm, checks the component's security from the parameter perspective.
3. The strategy based on condition and parameter mutation has a complete security requirement specification (it records not only the component's methods and attributes but also the method preconditions, postconditions and parameter-related constraints); the security testing framework is defined and described; a condition mutation algorithm and a parameter mutation algorithm are proposed to generate mutated method sequences; a vulnerability detection algorithm is proposed to detect whether the component is secure; experimental results show that the method of the invention is effective to a certain degree against explicit security exceptions, can detect the security of components, and improves test efficiency.
Brief description of the drawings
Fig. 1 is a schematic diagram of the relational operator reference fault operator RRF;
Fig. 2 is a flow chart of the third-party component vulnerability test method based on condition and parameter mutation according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the descriptions and examples of the parameter specification mutation operators of the embodiment;
Fig. 4a is the component details table of the embodiment;
Fig. 4b is the experimental results table of the embodiment;
Fig. 4c is the experimental results comparison table of the embodiment;
Fig. 5a is the information table for the test using the parameter mutation method in the embodiment;
Fig. 5b is the results table for the test using the parameter mutation method in the embodiment;
Fig. 6 is a schematic diagram comparing the experimental results of parameter mutation with the fuzz testing method and the boundary value method.
Embodiment
The invention is further described below with reference to the drawings and embodiments. Note that the described embodiments are only intended to aid understanding of the invention and do not limit it in any way.
The object of the invention is, for the explicit exceptions exhibited by third-party components, to provide a vulnerability test method based on mutation of the preconditions, postconditions and parameter specifications of the third-party component's methods, which effectively detects explicit exceptions of third-party components, to provide a complete vulnerability testing framework and mutation algorithms, and to carry out sufficient experiments demonstrating the feasibility and effectiveness of the method.
First, the concepts used in the embodiments of the invention are defined as follows.
Definition 1: a precondition is the series of constraints that must be satisfied before a method is called.
Definition 2: a postcondition is the condition that should hold after the method call finishes; the postcondition is used to judge the correctness of the operation after the method has run.
The precondition and postcondition of a method can be expressed as Boolean expressions built from the method's return value, the method's outputs, parameters and environment variables combined with relational operators, arithmetic operators, Boolean operators and so on.
Definition 3: the condition mutation operator RRF (Relational Operator Reference Fault Operator) changes the relational operator of a single simple relational expression into the opposite operator, as shown in Fig. 1.
Definition 4: a value constraint is a numeric constraint on a parameter of a component method; for example, a method parameter index that denotes an array index has the constraint index >= 0.
Definition 5: a relation constraint between parameters is a constraint that may exist among the parameters of a method. Constraint expressions between parameters are used to simulate the Boolean judgement expressions in a program that are easily written wrong or omitted. For example, in a method that determines the type of a triangle, where a, b and c are the three sides, the check for a non-triangle is easily left out; the constraint between the parameters is: a+b>c && a+c>b && b+c>a.
Definition 6: a method sequence is a feasible execution order of the component's methods. Method sequences can be generated from the component's transition tree with a basis path testing algorithm, or execution sequences can be extracted with data mining techniques.
Definition 7: DNF form of a precondition. A method precondition is expressed by several relational expressions and Boolean operators. In Boolean logic, a Boolean formula can be expressed as an equivalent disjunctive normal form (DNF); a disjunctive normal form is a disjunction of several units, each unit being a conjunction of several literals. Adopting this definition, the precondition of a method can be expressed in disjunctive normal form: the precondition is a disjunction of several subitems, each subitem is a conjunction of several relational expressions, and each relational expression is regarded as a literal in Boolean logic. Every precondition then has the form Exp11 && Exp12 ... && Exp1s || ... || Expm1 && Expm2 ... && Expmt, where Expij is a relational expression.
Definition 8: constraint equation systems. The precondition in disjunctive normal form described in Definition 5, Exp11 && Exp12 ... && Exp1s || ... || Expm1 && Expm2 ... && Expmt, is converted into m constraint equation systems
$$\begin{cases} Exp_{11} \\ Exp_{12} \\ \;\vdots \\ Exp_{1s} \end{cases} \quad \cdots \quad \begin{cases} Exp_{m1} \\ Exp_{m2} \\ \;\vdots \\ Exp_{mt} \end{cases}$$
where each equation Expij has the form f(x1, x2, ..., xn) ◇ 0, ◇ is a relational operator and xi is a variable in the relational expression. The form of all constraint equation systems is as follows:
Figure BDA0000400292650000042
As shown in Fig. 2, the third-party component vulnerability test method based on condition and parameter mutation of the invention comprises:
Step 201: analyze the component interface through the type library of the third-party component to obtain the component's type information.
Step 202: obtain the component's security requirement specification from the component's description and IDL.
In the embodiment, the security requirement specification is described in XML according to a given schema; it can be provided by the component developer or by the component user. The security requirement specification can be obtained by comprehensive analysis of information such as the component's functional description and IDL. It includes component method information, such as the method's parameter types, return value type, method name, method precondition and postcondition, and the value constraints and relation constraints on the method parameters.
Step 203: obtain the preconditions and postconditions of the methods from the requirement specification and perform the condition mutation test on the method sequence.
In step 203, the condition mutation test proceeds as follows:
Step 2031: check each method in the method sequence in turn and extract the method's precondition and postcondition constraints from the security requirement specification. If the method has a precondition, solve the precondition's constraint equation systems with the test case generation algorithm based on constraint equation systems to obtain test cases for the parameters, and run the method with the test cases. During the run, determine whether the legal test data cause an exception or violate the postcondition; if so, a security vulnerability exists. Such a test case has triggered a security exception, and the test case, exception, precondition, postcondition, method and related information are recorded in the test report. If the method runs normally and satisfies the postcondition, the safe test case is deleted.
Specifically, following Definitions 7 and 8, the test case generation algorithm based on constraint equation systems solves the constraint equation systems obtained from the precondition, obtains a solution for each system, and then merges the solutions into test cases. The steps are as follows:
Backtracking in this algorithm is very time-consuming; if a system has no solution, repeated backtracking wastes time and hurts the algorithm's efficiency. The invention therefore designs a criterion for deciding whether a constraint equation system has a solution, which avoids repeated backtracking on systems without a solution and improves the efficiency of the algorithm. The no-solution criterion is: move the variables of each equation to the left of the relational operator and the operands to the right, converting each equation into an equivalent one, and check whether there are several equations whose left-hand sides sum to 0 while their right-hand sides sum to a non-zero number; if so, the system has no solution. If the system has a solution, it is solved as follows. The equations of the system are divided into simple and complex equations: a simple equation contains only one variable, and an equation with more than one variable is complex. For each variable xi contained in a simple equation, the initial domain is set from that equation; a variable with no simple equation has the initial domain (-∞, +∞); the simple equations are then deleted from the system. The variable that occurs most often in the complex equations, or that has the narrowest domain, is selected as the current variable, and a value chosen at random from its domain is assigned to it. The value of the current variable is substituted into the system. If simple equations appear in the system after the assignment, the domains of the variables they contain are redetermined from them; if the intersection of the new domain and the previous domain is empty, the algorithm backtracks. This process is repeated until every variable has been assigned.
Step 2032: call the precondition mutation algorithm, which uses the relational operator reference fault operator RRF to generate precondition variants; then, from the mutated preconditions and the test case generation algorithm based on constraint equation systems, generate test cases that violate the precondition. If the method runs normally and the result differs from the expected one, the test case is effective and a vulnerability is confirmed; the test case, the method information and the mutated condition are recorded in the condition mutation test report.
The precondition mutation algorithm is introduced below, taking the JudgeTriangle method (precondition 50>a>0 && 50>b>0 && 50>c>0) as an example. In the condition mutation algorithm, the precondition is mutated into variants as follows:
1) Convert the method's precondition into disjunctive normal form, expressed as a disjunction of several subitems, each subitem being a conjunction of several relational expressions. For the precondition 50>a>0 && 50>b>0 && 50>c>0, the precondition has only one subitem, namely 50>a>0 && 50>b>0 && 50>c>0 itself.
2) Call the subitem mutation method on the first subitem to obtain the set of all variants of the first subitem.
Subitem mutation uses the mutation operator RRF to mutate Expi1 && Expij && ... && Expin and obtain all variants of the subitem. The process is: mutate the relational expression Expij with the RRF operator, changing the relational operator in the expression into the opposite operator; the resulting mutation set is written RRF(Expij) (see Fig. 1). Mutating Expi1, Expij, ..., Expin in turn gives RRF(Expi1), RRF(Expij), ..., RRF(Expin). Let Ti1 = {Expi1, RRF(Expi1)}, Tij = {Expij, RRF(Expij)}, Tin = {Expin, RRF(Expin)}, and S = {(σ1 && σj && ... && σn) | σ1 ∈ Ti1, σj ∈ Tij, σn ∈ Tin}. Then S - {Expi1 && Expij && ... && Expin} is the variant set of the subitem.
Concretely, take the precondition whose only subitem is 50>a>0 && 50>b>0 && 50>c>0, with Exp11 = 50>a>0, Exp12 = 50>b>0 and Exp13 = 50>c>0. Mutating Exp11, Exp12 and Exp13 with the RRF operator gives RRF(Exp11) = {a>50, a=50, a<0, a=0}, RRF(Exp12) = {b>50, b=50, b<0, b=0} and RRF(Exp13) = {c>50, c=50, c<0, c=0}, so T11 = {50>a>0, a>50, a=50, a<0, a=0}, T12 = {50>b>0, b>50, b=50, b<0, b=0} and T13 = {50>c>0, c>50, c=50, c<0, c=0}. With S = {(σ1 && σj && ... && σn) | σ1 ∈ Ti1, σj ∈ Tij, σn ∈ Tin}, S has 125 elements; S = S - {50>a>0 && 50>b>0 && 50>c>0}, so the JudgeTriangle precondition has 124 variants.
3) Repeat step 2) on the second subitem to obtain the variant set of the second subitem.
4) Traverse the two variant sets in turn; for variants s and t taken from the two sets respectively, if s and t contain no mutually exclusive relational expressions, conjoin s and t and add the result to the set T.
5) Repeat steps 3) and 4) on T and the third subitem, until all subitems have been considered.
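The precondition mutation steps 1) to 5) and the check of step 2032, as an added Python example that is not part of the patent text. It assumes integer parameters and models every relational expression as a range `lo < x < hi` stored as an open interval; `judge_triangle` is a constructed stand-in component with two seeded faults, and `merge`, `witness` and the report layout are illustrative names.

```python
from itertools import product

INF = float("inf")

# Assumption: every relational expression is an integer range "lo < x < hi"
# (the page's 50>a>0), stored as the open interval (lo, hi).

def rrf(lo, hi):
    """RRF mutants of lo < x < hi as listed on the page:
    x > hi, x == hi, x < lo, x == lo (each as an open integer interval)."""
    return [(hi, INF), (hi - 1, hi + 1), (-INF, lo), (lo - 1, lo + 1)]

def subitem_variants(subitem):
    """Step 2: the set S minus the original, for one subitem {var: (lo, hi)}."""
    names = list(subitem)
    choices = [[subitem[v]] + rrf(*subitem[v]) for v in names]
    combos = (dict(zip(names, c)) for c in product(*choices))
    return [c for c in combos if c != subitem]

def merge(s, t):
    """Step 4: conjoin s and t; None if they hold mutually exclusive relations."""
    out = dict(s)
    for var, (lo, hi) in t.items():
        cur_lo, cur_hi = out.get(var, (-INF, INF))
        lo, hi = max(lo, cur_lo), min(hi, cur_hi)
        if hi - lo <= 1:  # no integer lies strictly between lo and hi
            return None
        out[var] = (lo, hi)
    return out

def precondition_variants(dnf):
    """Steps 1-5 over a precondition given as a list of DNF subitems."""
    result = subitem_variants(dnf[0])
    for sub in dnf[1:]:
        nxt = subitem_variants(sub)
        merged = (merge(s, t) for s in result for t in nxt)
        result = [m for m in merged if m is not None]
    return result

def witness(interval):
    """Pick one integer inside an open interval (the violating test value)."""
    lo, hi = interval
    if lo == -INF:
        return 0 if hi == INF else hi - 1
    return lo + 1 if hi == INF else (lo + hi) // 2

def judge_triangle(a, b, c):
    """Constructed stand-in for the component. Documented precondition:
    0 < a, b, c < 50. Seeded faults: a == 0 and c == 50 are accepted."""
    if not (0 <= a < 50 and 0 < b < 50 and 0 < c <= 50):
        raise ValueError("precondition violated")
    return a + b > c and a + c > b and b + c > a

def condition_mutation_test(method, dnf):
    """Run one violating test case per variant. A call that returns normally
    means the component's own check is flawed, so it goes into the report."""
    report = []
    for variant in precondition_variants(dnf):
        case = {var: witness(iv) for var, iv in variant.items()}
        try:
            result = method(**case)
        except ValueError:
            continue  # rejected, as expected for a violated precondition
        report.append({"case": case, "variant": variant, "result": result})
    return report

# The page's JudgeTriangle precondition: one subitem, three range expressions.
JUDGE_TRIANGLE_PRE = [{"a": (0, 50), "b": (0, 50), "c": (0, 50)}]

if __name__ == "__main__":
    print(len(precondition_variants(JUDGE_TRIANGLE_PRE)), "variants")
    for row in condition_mutation_test(judge_triangle, JUDGE_TRIANGLE_PRE):
        print(row["case"], "->", row["result"])
```

The reported cases are exactly the inputs that the seeded `>=` and `<=` faults let through, which is the class of error the RRF operator targets.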
Step 2033: if the method has no precondition, obtain test cases by boundary-value and fuzz testing, and use the postcondition to judge whether the method behaves correctly; if the postcondition is violated, record the test case and the postcondition in the condition mutation test report.
Step 204: extract the parameter value constraints and relation constraints from the requirements and perform the parameter specification mutation test on the method sequence.
The parameter mutation steps are as follows:
1) Check each method in the method sequence in turn and obtain from the security requirement specification the value constraints and relation constraints on the method's parameters; if the method has parameters, generate test cases with the test case generation algorithm based on parameter constraints.
The test case generation algorithm based on parameter constraints is as follows. Call the single-parameter mutation value set function on each parameter of the method, applying all mutation operators relevant to a single parameter; the parameter specification mutation operators are defined for eight types (integer, character, floating point, Boolean, string, pointer, array and structure; see Fig. 3 for details). This yields the mutation value set. If the parameter is a value type, delete from its value set the mutation values that do not satisfy the value constraint; otherwise delete the mutation values that satisfy the value constraint. If there is one parameter, return the mutation value set as the final test case set. If there are two parameters, generate the test case set by pairwise combination analysis. If there are more than three parameters, generate the test case set by three-factor combination coverage. From the test case sets generated in these two cases, remove the test cases that satisfy the parameter relation constraints to obtain the final test case set.
The single-parameter mutation value set function specifically comprises:
If the parameter is an integer, apply all relevant operators, for example the IPO, PFB and IIV operators, such as setting the parameter to null, inserting a parameter operator, flipping the parameter, and the integer irregular value operator;
If the parameter is a character, apply the PSN, IPO, PFB and CIV operators: set parameter to null, insert operator, parameter flip, and character irregular value;
If the parameter is a floating-point number, apply the PSN and FIV operators: set parameter to null and floating-point irregular value;
If the parameter is a Boolean, apply the PSN and BIV operators: set parameter to null and Boolean irregular value;
If the parameter is a string, apply the PSN, RSV, LSV, FSV, DSV, USV, CSV, SSI and CSS operators: set parameter to null, random irregular string value, overlong string value, format string value, directory traversal string value, URL and file path string value, system command string value, SQL string injection, and cross-site scripting;
If the parameter is a pointer, apply the PSN and PIV operators: set parameter to null and pointer irregular value;
If the parameter is an array, apply the AIV and PSN operators: set parameter to null and array irregular value;
If the parameter is a structure, apply the PSN and SIV operators: set parameter to null and structure irregular value.
2) Pass the test cases to the method one by one and run the method;
3) If the actual result differs from the expected value, add the method information, the parameter information and the test case to the parameter mutation test report;
4) Obtain the parameter mutation test report.
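An added Python example (not from the patent) of parameter mutation steps 1) to 4) for a triangle method with the value constraint 0 < x < 50 and the relation constraint of Definition 5. The integer mutation values are constructed, because Fig. 3 is not reproduced on the page; `judge_triangle_missing_check` is a constructed component with one omitted check, and treating exactly three parameters as full three-factor coverage is an assumption.

```python
from itertools import product

# Constructed stand-in for the output of the integer mutation operators.
# Fig. 3 is not reproduced on the page, so these values are assumptions.
INT_MUTATION_VALUES = [-2**31, -25, -1, 0, 1, 9, 25, 49, 50, 2**31 - 1]

def value_ok(x):
    """Value constraint taken from the requirement specification: 0 < x < 50."""
    return 0 < x < 50

def relation_ok(a, b, c):
    """Relation constraint between the parameters (Definition 5)."""
    return a + b > c and a + c > b and b + c > a

def generate_cases(params, mutation_values, value_constraint, relation=None):
    """Test case generation based on parameter constraints, integers only."""
    # Integers are treated as a value type here: keep only the mutation
    # values that satisfy the value constraint.
    values = [v for v in mutation_values if value_constraint(v)]
    if len(params) > 3:
        # Beyond three parameters a three-factor covering array is needed;
        # that generator is outside this example.
        raise NotImplementedError("covering-array generation not shown")
    # For one to three parameters, pairwise and three-factor coverage both
    # reduce to the full combination of the remaining values.
    combos = product(values, repeat=len(params))
    # Remove the combinations that satisfy the relation constraint, so only
    # inputs the component ought to judge as "not a triangle" remain.
    return [dict(zip(params, c)) for c in combos
            if relation is None or not relation(*c)]

def judge_triangle_missing_check(a, b, c):
    """Constructed component with a seeded omission: b + c > a is never tested."""
    return a + b > c and a + c > b

def parameter_mutation_test(method, cases, expected):
    """Steps 2) to 4): run every case and report actual != expected."""
    report = []
    for case in cases:
        actual = method(**case)
        if actual != expected:
            report.append({"method": method.__name__,
                           "case": case,
                           "expected": expected,
                           "actual": actual})
    return report

if __name__ == "__main__":
    cases = generate_cases(("a", "b", "c"), INT_MUTATION_VALUES,
                           value_ok, relation_ok)
    findings = parameter_mutation_test(judge_triangle_missing_check,
                                       cases, expected=False)
    print(len(cases), "test cases,", len(findings), "findings")
    for row in findings:
        print(row["case"])
```

Every finding has a >= b + c, which points directly at the omitted `b + c > a` check.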
Step 205: obtain the vulnerability test report.
To verify the feasibility of the condition mutation method, two components, TestCondiDll1.dll and TestCondiDll2.dll, were tested. Table 7-1 in Fig. 4a describes the details of the two components, including the number of component methods, the lines of code and the number of injected errors. Table 7-2 in Fig. 4b gives the results of the condition mutation test on TestCondiDll1.dll; the results show that the condition mutation method is feasible for detecting explicit exceptions. Table 7-3 in Fig. 4c compares the condition mutation method with decision coverage, condition coverage and condition combination coverage in terms of the number of test cases generated and the number of errors found. The experimental results show that the test cases produced by the other three methods are a subset of those of condition mutation and that the number of errors they can detect is uncertain, so they may not detect all errors, whereas condition mutation generates all possible test cases: it uses the most test cases but can detect every error caused by the RRF operator. Condition combination can also detect RRF errors, but the test case efficiency of condition mutation is higher than that of condition combination.
Parameter mutation aims to generate data that easily trigger security exceptions. Table 8-1 in Fig. 5a shows the number of methods, the lines of code and the number of injected errors of the component under test, TestParam.dll. Table 8-2 in Fig. 5b shows the test results of the parameter specification mutation method; the detection rate shows that the method is effective at detecting explicit exceptions of third-party components. In addition, this embodiment compares the parameter specification mutation method with the random method (fuzz) and the boundary value method. Fuzz testing chooses test data at random as test case values; the boundary value method chooses, according to the parameter's value range, data such as the maximum, maximum +/-1, minimum and minimum +/-1. Fig. 6 shows the comparison of the parameter specification mutation test method with the fuzz and boundary value methods: the more test cases are generated, the more effective test cases there are; the detection rate of the boundary value method is the lowest, the test case effectiveness of the random method lies in between, and the detection rate of the parameter mutation method is the highest; as the number of test cases grows, the advantage of the parameter mutation method becomes more evident.

Claims (5)

1. A third-party component vulnerability test method based on condition and parameter mutation, characterized in that it comprises:
Step 1: analyzing the component interface through the type library of the third-party component to obtain the type information of the component;
Step 2: obtaining the security requirement specification of the component according to the description and the IDL of the component;
Step 3: obtaining the preconditions and postconditions of the methods from the requirement specification, and performing condition mutation testing on the method sequence;
Step 4: extracting the parameter value constraints and relation constraints from the requirements, and performing parameter specification mutation testing on the method sequence;
Step 5: obtaining the vulnerability test report according to the test results of step 3 and step 4.
2. The method of claim 1, characterized in that step 3 specifically comprises:
Checking each method in the method sequence in turn. If the method has a precondition, generating valid test data according to the test case generation algorithm based on constraint equation systems; if the valid test data causes an exception or violates the postcondition, the third-party component has a security vulnerability;
Generating precondition mutants according to the precondition mutation algorithm, and generating test cases that violate the precondition according to the mutated precondition and the test case generation algorithm based on constraint equation systems; if the method runs normally and the result differs from the expected one, the condition checking in the third-party component is flawed, and the test case, the method information and the mutated condition are recorded in the condition mutation test report;
If the method has no precondition, obtaining test cases with the boundary value and random test methods and judging against the postcondition whether the method is correct; if the postcondition is violated, the test case and the postcondition are recorded in the condition mutation test report.
3. The method of claim 1, characterized in that step 4 specifically comprises:
Checking each method in the method sequence in turn, and obtaining from the security requirement specification the value constraints and relation constraints related to the method's parameters; if the method has parameters, generating test cases according to the test case generation algorithm based on parameter constraints;
Passing the test cases to the method in turn and running the method;
If the actual result differs from the expected value, writing the method information, the parameter information and the test case to the parameter mutation test report;
Obtaining the parameter mutation test report.
4. The method of claim 2, characterized in that the precondition mutation algorithm comprises:
Converting the precondition of the method into disjunctive normal form, expressed as the disjunction of several sub-items, each sub-item being the conjunction of several relational expressions;
Calling the sub-item mutation method on the first sub-item to obtain the set of all mutants of the first sub-item;
Calling the sub-item mutation method on the second sub-item to obtain the mutant set of the second sub-item;
Traversing the two mutant sets in turn; for mutant expressions s and t taken from the two sets respectively, if s and t contain no mutually exclusive relational expressions, the conjunction of s and t is added to the set T.
5. The method of claim 3, characterized in that the test case generation algorithm based on parameter constraints specifically comprises: for each parameter of the method, calling the single-parameter mutation value set function, which applies all mutation operators relevant to the single parameter, the operators of parameter specification mutation being defined according to type, to obtain a mutation value set; if the parameter is of value type, deleting from its value set the mutation values that do not satisfy the value constraint, otherwise deleting the mutation values that satisfy the value constraint; if the number of parameters is one, returning the mutation value set as the final test case set; if the number of parameters is two, performing pairwise combination analysis to generate the test case set; if the number of parameters is more than three, performing three-factor combinatorial coverage to generate the test case set; from the test case sets generated in the latter two cases, excluding the test cases that satisfy the parameter relation constraints, to obtain the final test case set.
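The test case generation of claim 5 and the run-and-record loop of claim 3, as an added Python example that is not code from the patent. The mutation operators, the `Param` tuple, the `transfer` method and its specification are constructed assumptions, and the three-factor branch for more parameters is left out.

```python
from collections import namedtuple
from itertools import product

# satisfies: value constraint from the specification; seeds: constructed start values
Param = namedtuple("Param", "name is_value_type satisfies seeds")

def mutation_values(p):
    """Single-parameter mutation value set, filtered as claim 5 words it."""
    out = set()
    for s in p.seeds:                    # assumed type-based operators
        if isinstance(s, int):
            out |= {s - 1, s, s + 1, -s, 0, 2**31 - 1}
        else:
            out |= {"", s, s * 64, s + "\x00", s.upper()}
    if p.is_value_type:                  # delete values that break the value constraint
        return {v for v in out if p.satisfies(v)}
    return {v for v in out if not p.satisfies(v)}  # else delete values that meet it

def generate_cases(params, relation=lambda *args: False):
    sets = [sorted(mutation_values(p)) for p in params]
    if len(params) == 1:                 # one parameter: the value set is the suite
        return [(v,) for v in sets[0]]
    if len(params) == 2:                 # two parameters: pairwise is the full product
        return [c for c in product(*sets) if not relation(*c)]  # drop relation-satisfying
    raise ValueError("three-factor covering for more parameters is not shown")

def run(method, cases):
    """Claim 3 loop: record cases the method accepts; rejection is the assumed expectation."""
    report = []
    for case in cases:
        try:
            report.append((method.__name__, case, method(*case)))
        except ValueError:
            pass                         # rejected, as the specification expects
    return report

# Constructed specification: 1 <= amount <= 1000, 0 <= balance <= 5000, amount <= balance
AMOUNT = Param("amount", True, lambda v: 1 <= v <= 1000, (1, 1000))
BALANCE = Param("balance", True, lambda v: 0 <= v <= 5000, (0, 5000))
USER = Param("user", False, lambda v: 1 <= len(v) <= 8 and v.isalnum(), ("alice",))

def transfer(amount, balance):           # constructed component method, range checks only
    if not (1 <= amount <= 1000 and 0 <= balance <= 5000):
        raise ValueError("out of range")
    return balance - amount              # flaw: amount <= balance is never checked

CASES = generate_cases([AMOUNT, BALANCE], lambda a, b: a <= b)
if __name__ == "__main__":
    print(*run(transfer, CASES), sep="\n")
```

Every generated pair is individually in range yet violates `amount <= balance`, and the constructed `transfer` accepts all of them, so each one lands in the report.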
Application number: CN201310501450.4A; priority date: 2013-10-23; filing date: 2013-10-23; title: Third-party component vulnerability test method based on conditions and parameter variations; status: Active; publication: CN103617114B (en)


Publications (2)

Publication Number Publication Date
CN103617114A (en) 2014-03-05
CN103617114B (en) 2016-03-02

Family

ID=50167817


Country Status (1)

Country Link
CN (1) CN103617114B (en)


Also Published As

Publication number Publication date
CN103617114B (en) 2016-03-02

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant