基于安全策略模型的安全功能测试用例生成方法基于安全策略模型的安全功能测试用例生成方法.pdf

计 算 机 研 究 与 发 展 ISSN 1000- 1239PCN 11- 1777PT P Journal of Comput er Research and Development 46( 10) : 1686- 1692, 2009 基于安全策略模型的安全功能测试用例生成方法 张 敏 冯登国 陈 驰 ( 中国科学院软件研究所信息安全国家重点实验室 北京 100190) ( mzhang@ is. iscas. ac. cn) A Security Function Test Suite Generation Method Based on Security Policy Model Zhang M in, Feng Deng guo, and Chen Chi ( State K ey L aboratory of Inf ormation Security , Institute of S of tw are, Chinese A cademy of S ciences, Beij ing 100190) Abstract T he third-party independent security function testing is o ne essential step of the security ev aluatio n of secur ity pro ducts. Generally the test case generatio n of independence testing is based on the pro duct specificatio n. H ow ever , in the independence testing of security products such as the secure database manag em ent system ( SDBM S) , the product m ust satisfy the r equirement of the security policies in addition to the requirement of the product specificatio n, w hich describes the objects and the measurement o f the protection. Since the behavior s o f security products ar e more precisely described in the secur ity mo dels instead of the specifications, the authors provide a test case generation metho d based on the form al security policy model. The metho d include the g ener ation of the test specification based on the formal security po licy m odel, the test space partitioning based on bo th the g rammar and rules; partitio ning rule based on the type and the com bination principles. The method is m ore likely to find the fault and error in the product than in manual testing, and it helps the automation of testing and impr oves the efficiency. Key words security policy model; security functio nal test; test case g eneration; test automation; ty pe-based partition 摘 要 实施第三方安全功能独立测试是信息安全产品测评中的一个重要环节,