论文信息 - Vulnerability Testing of Software Using Extended EAI Model

Vulnerability Testing of Software Using Extended EAI Model

Software testing, throughout the development life cycle of software, is one of the important ways to ensure the quality of software. Model-based software testing technology and tools have higher degree of automation, as well as efficiency of testing. They also can detect vulnerabilities that other technologies are difficult to do. So they are widely used. This paper presents an extended EAI model (Extended Environment-Application Interaction Model), and does further research for vulnerability testing based on the model. Extended EAI model inherits the methodology of anomalies simulation of the original one. In order to monitor and control the process under test, we give an idea of introducing artificial intelligence technology and status feedback into the model, and also try to use virtual execution technology for testing. We use this technique based on the Extended EAI model to experiment on Internet work Operation System (IOS) software, and detect that some services of certain protocols running in IOS software have vulnerabilities. So the experimental results indicate that our method is feasible.

Ling Li | Juan Li | Xufa Wang | Fanping Zeng

[1] Mark A. Miller. Managing Internetworks with SNMP , 1997 .

[2] Wenliang Du,et al. Testing for software vulnerability using environment perturbation , 2002 .

[3] Péter Urbán,et al. An SNMP based failure detection service , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[4] Chen Huo. Survey of Model-Based Software Testing , 2004 .

[5] Wenliang Du,et al. Vulnerability Testing of Software System Using Fault Injection , 1999 .

[6] David Griffiths,et al. SNMP - versions 1 and 2: simple network management protocol: theory and practice , 1995 .

[7] Lian Yi-feng. Testing Mechanism of Environment Fault Injection , 2004 .

[8] Wenliang Du,et al. Testing for software vulnerability using environment perturbation , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[9] Gong Yun-zha. A Summary about Software Testing Methods , 2003 .

[10] G. Jiang. Multiple vulnerabilities in SNMP , 2002 .