Comparison of SETAM with security use case and security misuse case: A software security testing study |
| |
Authors: | Zhanwei Hui, Song Huang |
| |
Affiliation: | HUI Zhanwei1,2, HUANG Song1,2; 1. Software Test and Evaluation Centre, PLA University of Science and Technology, Nanjing 210007, Jiangsu, China; 2. PLA Military Training Software Test and Evaluation Centre, Nanjing 210007, Jiangsu, China |
| |
Abstract: | A software security testing behavior model, SETAM, was proposed in our previous work as an integrated model for describing software security testing requirements behavior; it is compatible not only with security functions and latent typical misuse behaviors, but also with the interaction between them. In this paper, we analyze the differences between SETAM and the security use case and security misuse case in different types of security test requirements. To illustrate the effectiveness of SETAM, we compare them in a practical case study by the number of test cases and the number of faults detected by them. The results show that SETAM could decrease the number of use cases by about 34.87% on average, and the number of faults detected by SETAM increased by 71.67% on average, which means that our model can detect more faults with fewer test cases for software security testing. |
| |
Keywords: | security testing; security use case; security misuse case; software security testing behavior model; security testing requirement |
This article is indexed in CNKI, SpringerLink and other databases.