Common Criterion security evaluations require an analysis of test dependencies present (if any) during the testing activities of an application under evaluation. Such analysis is required to ensure that no fault masking occurs. In this paper, we present 1) a formalization of the notion of test dependencies from fault masking perspective in terms of a test dependency graph (TDG), 2 ) a model based approach for derivation of a TDG for a set of use cases, 3) an algorithm which derives a test order from a TDG to minimize the debugging cost, and 4) results from a case study using a secure smart card operating system. Our results indicate that fault masking in the presence of test dependencies is not a serious concern.
By: Amit Paradkar; Suzanne McIntosh; Sam Weber; David Toll; Paul Karger; Matt Kaplan
Published in: RC23717 in 2005
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .