Open AccessAn approach of security testing for third‐party component based on state mutation
Author(s) -
Chen Jinfu,
Chen Jiamei,
Huang Rubing,
Guo Yuchi,
Zhan Yongzhao
Publication year - 2016
Publication title -
security and communication networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.1189
Subject(s) - computer science , component (thermodynamics) , executable , third party , state (computer science) , computer security , third generation , theoretical computer science , computer security model , algorithm , programming language , telecommunications , physics , internet privacy , thermodynamics
It is essential to study an effective approach of security testing for third‐party component. In this paper, to effectively trigger implicit vulnerabilities of third‐party components, an approach of security testing for third‐party component is proposed based on state mutation. To start with, executable method sequences of components are transformed into extended finite state machine. Then, according to characteristics of condition conflict and behavior conflict, two test case generation algorithms are addressed, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third‐party components, and then, testing report of component security is obtained. In the end, some experiments are conducted on the basis of the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third‐party components. Copyright © 2015 John Wiley & Sons, Ltd.