Abstract

Research on component vulnerability testing is critical. In this paper, a vulnerability testing approach based on condition mutation and parameter mutation is proposed in order to effectively detect the explicit vulnerabilities of third-party components. First, the Pre-condition Mutation Algorithm (PCMA) is presented to generate a set of mutants of the pre-condition, and test cases are generated from these mutants. Then, the Single Parameter Mutated Values (SPMV) procedure is presented to generate parameter values based on mutation operators of the parameter specification. These values are taken as the input of the Test Case Generation Algorithm based on the Parameter Constraint (TCGPC), which generates a set of test cases that violate the parameter constraint. The explicit vulnerabilities can then be detected by the vulnerability detecting algorithm, using the test cases from condition and parameter mutation. The experiments show that our approach can detect explicit vulnerability faults of third-party components. Furthermore, the proposed approach can detect more vulnerability faults than other related approaches such as condition coverage methods, the fuzzy testing method and the boundary value method.

Highlights

  • A testing approach of condition and parameter mutation was presented based on the component requirement specification, which is the main part of the framework.

Summary

Introduction

With the development of component technologies, third-party components are increasingly used in safety-critical software such as medical software and bank software. Current research on component security testing is rare and mainly focuses on security characterization, security assessment, component deployment and wrapper testing methods, security testing based on fault injection, and formal methods. Jabeen and Jaffar-Ur Rehman [1] proposed a security requirement specification for enhancing the testability of component security, which provided specifications from perspectives such as resource allocation, environment deployment, and method invocation. It did not, however, work out a specific testing approach.

Vulnerability Testing Framework
Condition Mutation Testing Algorithm
Parameter Mutation Testing Algorithm
Experiments and Analyses
Conclusions and Future Work