
Research on Key Theory and Technology for Security Evaluation of Trusted Software

Posted on: 2013-03-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Cao
Full Text: PDF
GTID: 1228330395975859
Subject: Information security
Abstract/Summary:
Software plays a more important role in computer systems than before, and people expect software to provide greater reliability and security. In recent years, many countries and research institutions have proposed projects for trustworthy software and trusted computing environments. The American "National Software Development Strategy (2006-2015)" puts the development of trustworthy software in first place, and the United States Natural Science Foundation established a science and technology research center named TRUST at the University of California, Berkeley, whose purpose is to design, build and run trustworthy software. Meanwhile, the National Natural Science Foundation of China set up a major research plan on trustworthy software, and some theoretical and technical progress has been made.

Up to now, software design and development have depended mainly on the developer's knowledge and experience, so the level of automation in software design and development is low. Security vulnerabilities created by programmers' mistakes become security problems that malicious attackers can exploit once the program is put into formal use. Therefore, software testing is necessary to guarantee and improve software security. Although some software security tests have a direct impact on software security, the relationship between software security functional testing and software non-functional indexes (such as privacy, integrity and fault tolerance) is not clear. Establishing a comprehensive security evaluation model for software based on the results of security analysis and security testing is therefore a scientific problem that urgently needs to be solved.

In this thesis, since security testing and evaluation are new features of computer systems, the problems of covert channels, the privacy of parallel programs, and obtaining non-functional indexes from functional testing results are studied on the basis of formal theory and probability and statistics theory. This approach emphasizes security analysis and security evaluation of software, and these studies benefit the further development of security testing and evaluation. The thesis studies the following respects:

(1) A DIFC system not only provides security protection when processes at different security levels transmit information, but also uses an explicit label mechanism to solve the covert channel problem caused by timeouts when processes transmit information, a problem that other DIFC-based security systems using implicit label mechanisms cannot solve. However, the label allocation mechanism may itself cause information leakage through a special covert channel when processes transmit information in the Flume system. This thesis introduces a covert channel detection model (CCDM) by analyzing the cause of information leakage in the Flume system; in CCDM the covert channel search problem is abstracted as a problem of linking in a directed graph. Two algorithms that automatically search for covert channels in the Flume system are presented, based on CCDM and the idea of the backtracking algorithm. Experimental results show that CCDM and the algorithms not only detect covert channels in the Flume system effectively, but also provide the shortest path for processes to transmit information; the experimental results can therefore guide the improvement of system security.

(2) Privacy preservation plays an important role in computer system applications. As part of the software system, concurrent programs should increase the computing performance of the system while providing privacy protection for information. This thesis proposes an analysis model based on noninterference theory for the privacy of concurrent programs (CPNIAM), which partitions a concurrent program into process units of sequential structure and analyzes noninterference between concurrent processes after proving the functional correctness of the process units. Compared with the traditional noninterference model, the examples show that CPNIAM can detect privacy information leaked between concurrent processes by untrusted code, and the analysis results also guide the programmer in modifying the untrusted code.

(3) Security testing is a key technology for software security. Test results reflect the relationship between software testing and software security and help program designers evaluate and improve software security. However, the relationship between the results of software functional testing and software non-functional security indexes is difficult to describe mathematically. This thesis proposes a mathematical model (MSMAM) based on principal component analysis, which obtains non-functional security indexes by analyzing the quantified results of functional tests and guides the effective allocation of testing resources during software testing.

(4) A security evaluation model is proposed based on multi-attribute utility theory and the results of CCDM, CPNIAM and MSMAM. This model considers software security and environment security comprehensively, provides a quantitative security index, and reflects changes in software security by comparing two indexes.
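The directed-graph abstraction behind CCDM in item (1), as an added illustration that is not code from the dissertation: processes are nodes, permitted information flows are edges, and a backtracking search enumerates every route by which data carrying a secrecy tag can reach a process not labelled with it, returning the shortest. The Flume-style label rule, the process table and the channel list are assumptions constructed for the example.

```python
# Constructed process table (not from the dissertation): each process has a
# Flume-style secrecy label (a set of tags) and the tags it may declassify.
PROCESSES = {
    "editor": {"label": {"t_secret"}, "declassify": set()},
    "helper": {"label": {"t_secret"}, "declassify": {"t_secret"}},
    "logger": {"label": set(), "declassify": set()},
    "net": {"label": set(), "declassify": set()},
}
# Constructed IPC channels, directed (sender, receiver).
CHANNELS = [("editor", "helper"), ("helper", "logger"),
            ("logger", "net"), ("editor", "net")]


def flow_allowed(src, dst, procs):
    """Assumed Flume-style rule: src may send to dst only if every tag in
    src's label that src cannot declassify is also in dst's label."""
    s, d = procs[src], procs[dst]
    return (s["label"] - s["declassify"]) <= d["label"]


def build_flow_graph(procs, channels):
    """Directed graph keeping only the channels the label rule permits."""
    graph = {p: [] for p in procs}
    for src, dst in channels:
        if flow_allowed(src, dst, procs):
            graph[src].append(dst)
    return graph


def find_leak_paths(procs, channels, tag):
    """Backtracking search for every simple path from a process labelled
    with `tag` to a process whose label lacks `tag`: each path is a route
    by which tag-protected data can reach an unlabelled receiver."""
    graph = build_flow_graph(procs, channels)
    paths = []

    def visit(node, path):
        if tag not in procs[node]["label"] and len(path) > 1:
            paths.append(list(path))  # reached an unlabelled receiver
            return
        for nxt in graph[node]:
            if nxt not in path:       # simple paths only, no cycles
                path.append(nxt)
                visit(nxt, path)
                path.pop()            # backtrack and try the next edge

    for p in procs:
        if tag in procs[p]["label"]:
            visit(p, [p])
    return paths


def shortest_leak_path(procs, channels, tag):
    """Shortest such route, or None when the tag cannot escape its label."""
    paths = find_leak_paths(procs, channels, tag)
    return min(paths, key=len) if paths else None
```

With the constructed table the only exit for t_secret runs through the declassifier helper, so an auditor sees exactly which process must be trusted; removing helper's declassification right makes the search return None.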
Keywords/Search Tags: Information Security, Trustworthy Software, Decentralized Information Flow Control system, Privacy, Parallel program, Security evaluation