Research On Theory And Technology For Trusted Software Testing

With the wide application of the computer technology, especially the web applications, the problem of security has been the critical issue to researchers and users. Computer virus, malicious codes and hack attack are quite common, and information filches and identity forge occur all the time. Research and implementation illustrate that the primary cause of these phenomenon is the simplicity of the structure of software and hardware in personal computer. In order to reduce the unsafe factors in computer and network and obtain the goal of reliability, an integrated measure must be taken from the aspects of chips, hardware structure and operation system.The concept of Trusted Computing has come about from this background, and its object is trusted computing platform based on hardware security module in the domain of computing and communication system and the overall security will be enhanced.Trusted computing has been the major tendency in the domain of computer security, and China is undertaking the quick development both in the Trusted Computing technologies and industry. With the development of the products in Trusted Computing, the application of Trusted Computing will be widen quickly. The security of the information system can be enhanced greatly according to the Trusted Computing Platform, meanwhile, it is urgent to test and evaluate the trusted software of the Trusted Computing products, and enhance the security of information system.The quality of software has been the concern for both industrial community and academic community. Software testing is a key technology in the assuranceof software quality, and its goal is to discover and rectify the problems as many as possible.In this article, the analysis and testing of the trusted software are dealt with from three aspects:the analysis of the trusted software, the reduced testcase generation, the analysis and the evaluation of the non-functional attributes.The first research point is trusted software analysis.Aiming at the high level security requirement of trusted software and the common problems in the process of security testing, an improved method for pointer analysis is proposed. The method is based on the improved Static Single Assignment, and this method can improve the precision of the pointer in the operation of dereference.The set that the point variable may point to can be reduced which can help the operation of path selection and testcase generation. In the aspect of path selection, an improved dataflow analysis is proposed by using the function of define-use pair, which can improve the precision of the set that the point variable may point to and help generating the testcases, and reduce the maintenance of the software.The second aspect of this article is reduced testcase generation for trusted software. Aiming at the problem of state transition of large scale software system, an approach for reduced testcase generation is proposed, which can reduce the explosion of the state space of software. The method can divide the state space of the software according to the predicate set, and the reduced abstract state can be obtained by the mapping of the state sets, and testcase generation is based on the output of this process.The empirical results demonstrate that this method can reduce the test state space of the software system, and generate smaller size of testcases.The third aspect of this article is the analysis and evaluation of the non-functional attributes of the trusted software. Since the trusted software contains many non-functional attributes and these non-functional attributes are constraint for the functional attributes. A formal description method is proposed for the relation between testability and reliability from the aspect of trusted software reliability, which can help the testing of non-functional attributes indirectly. In order to evaluate the non-functional attributes, an improved method is proposed to evaluate the trusted software reliability. According to the evaluation of reliability for each sub-components, and then acquire the reliability for the whole system. The reliability of the whole system is related to the reliability of each component tightly, and this conclusion is verified by the results of the experiments.