
Research And Implementation Of Test Case Optimization Technology For Security Testing

Posted on: 2021-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: J Dong
GTID: 2518306047988079
Subject: Cyberspace security

Abstract/Summary:
As more and more intelligent devices are deployed, incidents in which information systems are damaged through network security vulnerabilities have gradually increased, so the network security of information systems has become more and more important. To evaluate the network security standards reached by information systems, find security vulnerabilities in advance, and strengthen security defenses, governments and organizations have proposed a series of information system level protection assessment standards. Information system level protection assessment methods include interviews, verifications and tests. As an important part of China's level protection evaluation method, the test method needs to test the function of the security device in an actual environment. However, the size of the test suite increases sharply with the number of devices, and it is difficult to execute all the test cases for a complex information system given limited resources and testers. Therefore, we study the test case optimization problem of security testing, propose two test suite reduction schemes and two test case prioritization schemes, and then design and implement a test case generation and optimization system for security testing. The schemes can reduce the size of the test suite while ensuring security testing coverage. Specifically, the work done in this paper is as follows:

First, to address the problem of redundant test cases in the test suite for security function testing, we establish a network model of the information system, and then propose a method for calculating the defense range of a security device and a method for generating the test topology. We select devices from the security device's defense range using the test suite reduction schemes. The primary test suite reduction scheme is based on service function and environment requirements, and the depth test suite reduction scheme is based on the maximum security threat coverage. These two schemes can provide the test objects necessary for the functional test of the security device and reduce the size of the test suite as much as possible.

Second, to address the problem of prioritizing test cases for functional testing of security devices, we design a prioritization scheme based on the importance of security functions and a prioritization scheme based on threat coverage. We also propose two security-test-oriented indicators of prioritization effect, the security function importance coverage rate and the security threat coverage rate, both based on the concept of the average percentage of faults detected from the field of software testing. Finally, we analyze the prioritization schemes using the two indicators. The prioritization scheme based on the importance of security functions improves the effectiveness of test cases on the security function importance coverage rate, and the prioritization scheme based on threat coverage improves the effectiveness of test cases on the security threat coverage rate.

Third, to verify the effectiveness of the test suite reduction schemes and the test case prioritization schemes, a prototype system is designed and implemented. The structural design and the specific implementation of each module of the prototype system are described in detail, and the function of the prototype system is tested, which proves the effectiveness of the test suite reduction scheme and the test case prioritization scheme.
Keywords/Search Tags:Security testing, complex information system, test case, sample space compression, test optimization sort
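
An added illustration of threat-coverage-based prioritization and reduction as the abstract describes them; it is not code from the thesis. The test names, threat names and coverage map are constructed, and the metric is assumed to be the standard average-percentage-of-faults-detected formula with threats in place of faults, since the thesis's exact definition is not given here.

```python
# Added illustration, not the thesis's code. Test names, threat names and the
# coverage map are constructed; the metric is the standard APFD formula with
# "faults" replaced by "threats", which is an assumption about the thesis.

COVERAGE = {  # constructed: test case -> security threats it exercises
    "tc_fw_acl":    {"port_scan", "spoofed_src"},
    "tc_ids_sig":   {"sql_injection", "port_scan"},
    "tc_waf_rules": {"sql_injection", "xss"},
    "tc_vpn_auth":  {"credential_replay"},
    "tc_fw_log":    {"port_scan"},
}

def threat_coverage_rate(order, coverage):
    """APFD-style score in (0, 1): higher means threats are covered earlier."""
    threats = set().union(*coverage.values())
    n, m = len(order), len(threats)
    first = {}  # threat -> 1-based position of the first test that covers it
    for pos, tc in enumerate(order, start=1):
        for t in coverage[tc]:
            first.setdefault(t, pos)
    missing = threats - set(first)
    if missing:
        raise ValueError(f"order never covers: {sorted(missing)}")
    return 1 - sum(first.values()) / (n * m) + 1 / (2 * n)

def prioritize_by_threat_coverage(coverage):
    """Greedy 'additional coverage' ordering; ties broken by test name."""
    remaining, covered, order = dict(coverage), set(), []
    while remaining:
        best = min(remaining, key=lambda tc: (-len(remaining[tc] - covered), tc))
        order.append(best)
        covered |= remaining.pop(best)
    return order

def reduce_suite(coverage):
    """Keep only the tests that add threat coverage in the greedy order."""
    covered, kept = set(), []
    for tc in prioritize_by_threat_coverage(coverage):
        if coverage[tc] - covered:
            kept.append(tc)
            covered |= coverage[tc]
    return kept
```

On this constructed data the greedy ordering scores higher than the original listing order, and the reduced suite keeps three of the five tests while still covering every threat.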