Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Crown Copyright (2000) Module 2.3 Functional Testing.

Similar presentations

Presentation on theme: "© Crown Copyright (2000) Module 2.3 Functional Testing."— Presentation transcript:

1 © Crown Copyright (2000) Module 2.3 Functional Testing

2 You Are Here M2.1 Security Requirements M2.2 Development Representations M2.3 Functional Testing M2.4 Development Environment M2.5 Operational Environment M2.6 Vulnerability Analysis M2.7 Penetration Testing M2.8 Assurance Maintenance/Composition MODULE 2 - ASSURANCE

3 Introduction What is Functional Testing ? –Why do we do it ? Developer testing –coverage and depth Evaluator testing –corroboration of developer testing –additional testing

4 What is Functional Testing ? Testing the Security Functions Confidence in design and refinement Proving the developers tests To collect ideas for Penetration Testing

5 Developers Test Evidence Test Plans and Specifications Test Programs Expected and Actual results

6 Test Coverage and Depth Covering the security functions Demonstrate that the TOE operates in accordance with the design Levels of testing and demonstration of coverage –direct –indirect

7 Different types of testing Repeating developers tests –sampling of tests Additional tests to ensure security functionality fully covered using different –interfaces –inputs –configuration parameters

8 ITSEC Requirements

9 CC Requirements

10 Typical Functional Test Form

11 Evaluation Reporting Record and justify sampling strategy Justify strategy for additional testing Record results of tests and conclusions Provide test configuration details

12 Summary Confidence that the security functions behave as specified –coverage and depth –corroboration of developer tests –additional tests Understanding before Penetration testing

13 Further Reading ITSEC evaluation UK SP 05 Part III, Chapter 7 CC evaluation CC Part 3, Sections 2.6.6 and 13 CEM Part 2, Chapters 5-8 (ATE sections)

14 Exercise - 1 Only an administrator with the appropriate authorisation shall be able to: create new user accounts delete, disable or enable existing user accounts. Identify test cases to provide adequate coverage of the above security function

15 Exercise - 2 Identify test cases to cover all statements all branches AB C TRUEFALSE y z TRUE

Download ppt "© Crown Copyright (2000) Module 2.3 Functional Testing."

Similar presentations

Ads by Google