中文摘要：

为了更加有效地开发安全可信的软件,需要在软件开发生命周期中尽早考虑安全问题.为了解决这一问题,提出了一种基于设计级别的攻击场景生成安全测试的方法,该方法包括建模并验证攻击场景,用攻击场景生成安全测试序列,基于输入语法生成测试输入数据,生成模型级别的安全测试用例,将模型级别的安全测试用例转化为可执行的安全测试用例.设计并实现了一个实验,验证了所提出方法的可行性和有效性.

英文摘要：

In order to build secure and trusted software in a cost-effective way,it is necessary to consider security problems as early as possible in the software development life cycle.To solve this problem,an approach to security test generation based on design level attack scenario was presented.This approach consists of modeling and validating attack scenario,generating security test sequences from attack scenario,generating security test input based on input syntax,generating model level security test cases,and converting model security test cases into executable security test cases.An experiment has been conducted to validate the feasibility and effectiveness of the presented approach.