Abstract: To automatically detect security exceptions in third-party components, a prototype tool, the third-party component security testing system (TCSTS), was designed and implemented. TCSTS applies three kinds of security testing to third-party components: parameter mutation testing, condition mutation testing and state mutation testing. In parameter mutation testing, the test case generation algorithm based on the parameter constraint (TCGPC) set the variance value as the parameter constraint, and test cases were generated with different parameter constraints. In condition mutation testing, test cases were generated to satisfy and to violate the precondition, and the existence of security vulnerabilities was checked in the condition judgment statement with the postcondition. In state mutation testing, executable method sequences of components were transformed into an extended finite state machine (EFSM), and the operations conflict sequences generated algorithm (OCGA) and the conditions conflict sequences generated algorithm (CCGA) were designed to mutate the EFSM and generate conflict sequences. Security testing was then carried out on the conflict sequences produced by mutation. The results show that TCSTS has good operational ability and testing ability. The detection rate of abnormal sequences by TCSTS is more than 20%, which indicates that TCSTS can detect state-related security vulnerabilities in component security testing.
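The state mutation step described above, as an added illustration that is not the paper's OCGA or CCGA and not TCSTS code: a legal method sequence is mutated, the mutants the EFSM model rejects become conflict sequences, and each is run against the component to see whether the illegal call is refused. The EFSM, the `SessionComponent` class, its planted bug and the drop/swap mutation operators are all constructed assumptions.

```python
# Constructed EFSM for a hypothetical session component: (state, operation) -> next state.
EFSM = {("closed", "open"): "opened", ("opened", "login"): "authed",
        ("authed", "read"): "authed", ("authed", "logout"): "opened",
        ("opened", "close"): "closed"}

def first_illegal(seq, start="closed"):
    """Index of the first operation the model forbids, or None if the sequence is legal."""
    state = start
    for i, op in enumerate(seq):
        state = EFSM.get((state, op))
        if state is None:
            return i
    return None

def conflict_sequences(valid):
    """Mutate a legal sequence (drop one op, swap neighbours); keep mutants the model rejects."""
    mutants = set()
    for i in range(len(valid)):
        mutants.add(tuple(valid[:i] + valid[i + 1:]))
        if i + 1 < len(valid):
            mutants.add(tuple(valid[:i] + [valid[i + 1], valid[i]] + valid[i + 2:]))
    return sorted(m for m in mutants if first_illegal(m) is not None)

class SessionComponent:
    """Constructed component under test; it wrongly allows read() before login."""
    RULES = {**EFSM, ("opened", "read"): "opened"}  # the planted state bug

    def __init__(self):
        self.state = "closed"

    def call(self, op):
        if (self.state, op) not in self.RULES:
            raise RuntimeError(f"{op} rejected in state {self.state}")
        self.state = self.RULES[(self.state, op)]

def undetected_conflicts(valid):
    """Run each conflict sequence up to its first illegal call; report calls the component accepted."""
    findings = []
    for seq in conflict_sequences(valid):
        comp, bad = SessionComponent(), first_illegal(seq)
        try:
            for op in seq[:bad + 1]:
                comp.call(op)
        except RuntimeError:
            continue  # the component refused the illegal call, as it should
        findings.append((seq, seq[bad]))
    return findings
```

Each finding pairs a conflict sequence with the operation the component should have refused; on the legal sequence open, login, read, logout, close every finding points at `read` being accepted without a prior `login`.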