Testing approach of component security based on dynamic monitoring

Reliability and security problems in software components inhibit the further development of component technology. Enhancing the testing ability of components is very important in component-based software engineering. This paper proposes a testing approach of component security (TACS) based on a dynamic monitoring and detecting algorithm, CSVD (component security vulnerability detecting), and discusses the dynamic monitoring mechanism, the testing approach and the detecting algorithm. In addition, the security of Punylib.dll, a third-party component, is analyzed using TACS. The case study shows that TACS has good integrity, validity and better operability.
