CSTS: A Prototype Tool for Testing COM Component Security
Authors: Jinfu Chen, Yansheng Lu, Xiaodong Xie
Venue: 2009 Ninth International Conference on Hybrid Intelligent Systems
Publication date: 2009-08-12
DOI: 10.1109/HIS.2009.229 (https://doi.org/10.1109/HIS.2009.229)
Source platform: Semanticscholar
Citations: 2
Abstract
The automatic testing tools of component security bring great effect on component-based software engineering, and they can effectively ensure the security of component-based software. A prototype tool named CSTS (component security testing system) is designed and implemented to test the security of the widely-used COTS (Commercial-off-the-Shelf) Microsoft COM (component object model) component. CSTS, a GUI (graphical user interface) software, adopts both static and dynamic testing based on fault injection and dynamic monitoring. Firstly, CSTS analyzes component type information and statically injects parameter faults into interface methods. Secondly, environment faults such as memory fault, file fault and process fault are injected into the tested component when the component is driven. Dynamic monitoring mechanism can monitor the running process of component and analyze the component security exceptions. Some commercial components were tested in the CSTS. The experimental results show that CSTS is effective and operable.