关键词: 测试用例, 信息安全产品测评, 类型划分, 安全策略模型

Abstract: During the security evaluation of security products, one of the difficulties is the lack of proper test cases. Current automatic test case generation tools cannot completely solve the problem. Because, most specifications of information security products such as the Secure Database Management System (SDBMS) cannot reflect the systems’ real behavior. Besides the requirements of the product specification, the system must also satisfy the requirements of the security policies. In this paper, we present the design and implementation of CaseBuilder, an automatic test case generating tool, which has adopted a test case generating method based on product’s security policies. As the result of prototyping, CaseBuilder can generate test cases for SDBMS effectively, which can satisfy the testing requirement of security policy model well.

Key words: test case, evaluation of security product, type-based partition, security policy model