基于数据挖掘的第三方构件安全性测试方法研究

项目名称： 基于数据挖掘的第三方构件安全性测试方法研究

项目编号： No.61202110

项目类型： 青年科学基金项目

立项/批准年度： 2013

项目学科： 计算机科学学科

项目作者： 陈锦富

作者单位： 江苏大学

项目金额： 23万元

中文摘要： 第三方构件的安全性是影响构件技术发展的重要因素之一，也是软件质量指标体系的重要组成部分，而安全性测试是确保此特性的有效手段。本课题以第三方构件为研究对象，首先研究第三方构件静态及动态运行时的显式及隐式安全漏洞特点，基于数据挖掘技术给出构件的安全性测试模型。然后基于此测试模型采用频繁项集和序列模式挖掘算法挖掘生成需求规约和有效的构件接口方法及构件方法执行序列，进一步导出构件状态转换图并生成接口方法测试序列。在此基础上给出相应的构件条件及状态变异算法,并对测试序列进行条件及状态变异，根据变异算法生成变异测试序列进行安全性测试。此外，基于构件测试运行时的监测日志及变异测试产生的不安全序列，采用数据分类技术、频繁项集及序列挖掘算法得到安全关联规则、安全异常方法及安全异常方法执行序列，同时生成安全测试报告。本课题的研究将为第三方构件的安全性测试提供新的方法和思路，将进一步促进构件软件工程的发展。

中文关键词： 第三方构件；安全性测试；数据挖掘；测试序列；变异测试

英文摘要： Component-based software engineering (CBSE) is currently a popular research focus in the field of software engineering. New component development technologies aim to enhance the efficiency of component development and performance. However, problems related to component reliability and security have not been effectively solved, which worries the component developer and user. Presently, a few approaches for software security testing are being used; these are mainly derived from traditional software testing approaches. These approaches, however, are unsuitable for component security testing, especially the third-party component testing. These traditional testing approaches mainly focus on functionality testing, which, to some extent, can satisfy the requirements for functionality testing of components and component systems. However, these approaches themselves are not yet mature, for most components source code is unavailable and the components are extremely independent, which challenges the security testing of the third-party components. The security of third-party components blocks the development of component technology, and it is also an important part of software quality system. Security testing is an effective means to ensure this characteristic. The third-party components are our research object in this proj

英文关键词： Third-party component；Security testing；Data mining；Testing sequence；Mutation testing