| Information technology has come to play a very important role in many fields in recent years. While it offers many benefits, it also brings new security problems. Because it is hard for producers and customers to evaluate the security of information products objectively, software must be evaluated by an independent third party. Information security software must pass an authoritative evaluation before coming onto the market. It is therefore very important for developers to find the security defects of information software and to get the product through the evaluation process. Software testing is a process for finding design and programming faults, and it plays a very important role in ensuring that software quality meets the standards. However, the testing of information security software currently depends heavily on the testers' experience and their competence in security theory. As a result, how to understand the security of the software and test it in a standardized way becomes a problem. The objective of this research is to propose a method for analyzing the security characteristics of information software and designing test cases based on an authoritative international standard, the Common Criteria (CC), and to offer a theoretical foundation and an operational reference for practical testing. This thesis summarizes the evaluation criteria in common use today and expounds the traits and application of CC. An analysis method based on CC is used to analyze the information security aspects of the software; this method is designed to meet the software's security requirements. Following this, a two-path method of test case design is proposed, and an example system, a document security management software product, is given. The results of practical testing show that this method makes testing effective and comprehensive, and that it is feasible. |