基于安全策略模型安全功能测试用例生成方法.pdfVIP

ISSN 1000- 1239PCN 11- 1777PT P Journal of Comput er Research and De elopment 46( 10) : 1686- 1692, 2009 张 敏 冯登国 陈 驰 ( 100190) ( mzhang@ is. iscas. ac. cn) A Security Function Test Suite GenerationMethodBasedon Security Policy Model Zhang M in, Feng Dengguo, and Chen Chi ( State K ey L abor atory of I nf or mat ion Secur ity , I ns t it ute of S of tw ar e, Chinese A cademy of S ciences , B e ij ing 100 190) Abstract T he third-party independent security function testing is one essential step of the security e aluation of secur ity products. Generally the test case generation of independence testing is based on the product specification. How e er , in the independence testing of security products such as the secure database management system ( SDBM S) , the product must satisfy the r equirement of the security policies in addition to the requirement of the product specification, w hich describes the objects and the measurement of the protection. Since the beha ior s of security products ar e more precisely described in the secur ity models instead of the specifications, the authors pro ide a test case generation method based on the formal security policy model. The method include the gener ation of the test specification based on the formal security policy model, the test space partitioning based on both the grammar and rules; partitioning rule based on the type and the combination principles. The method is more likely to find the fault and error in the product than in manual testing, and it helps the automation of testing and impr o es the efficiency. Key words security policy model; security functional test; test case generation; test automation; type-based partition 实施第三方安全功能独立测试是信息安全产品测评中的一个重要环节, 对于以安全数 库管理 系统为代表的信息安全产品, 其