| With the development of research and realization on secure Operating System (OS), how to establish an integrative and effective framework of secure OS testing and what to do detailedly for it has become the important motivity for next research and development on secure OS.The purpose of research on secure OS testing methodology is building the framework of secure OS testing and finding all kinds of methods for testing, especially we focus on describing the edge of testing, methods of security function testing, security penetration testing, covert channel analysis and testing, also, developing navigation testing tools and automated testing tools.After reading lots of papers and documents about security testing and studying kinds of security testing tools, we establish an elementary framework based on TCSEC. This paper also discusses theories, standards and methods on how to test secure OS design and realization entirely and detailedly.At present, security testing tools are divided into two types, navigation testing and automated testing. Manual testing is still the primary method of secure OS testing, so research and development on testing tools are important. As instances, we realized a security function navigation tool and an automated password scanning tool. The former based on client/sever mode and database server, and the latter based on dictionary attack.We need to make greater efforts to improve standards and methods on secure OS testing, also to develop testing tools.
|
PDF Full Text Request