第三方构件的安全性是影响构件技术发展的重要因素之一，也是软件质量指标体系的重要组成部分，而安全性测试是确保此特性的有效手段。本课题以第三方构件为研究对象，首先研究第三方构件静态及动态运行时的显式及隐式安全漏洞特点，基于数据挖掘技术给出构件的安全性测试模型。然后基于此测试模型采用频繁项集和序列模式挖掘算法挖掘生成需求规约和有效的构件接口方法及构件方法执行序列，进一步导出构件状态转换图并生成接口方法测试序列。在此基础上给出相应的构件条件及状态变异算法,并对测试序列进行条件及状态变异，根据变异算法生成变异测试序列进行安全性测试。此外，基于构件测试运行时的监测日志及变异测试产生的不安全序列，采用数据分类技术、频繁项集及序列挖掘算法得到安全关联规则、安全异常方法及安全异常方法执行序列，同时生成安全测试报告。本课题的研究将为第三方构件的安全性测试提供新的方法和思路，将进一步促进构件软件工程的发展。

Component-based software engineering (CBSE) is currently a popular research focus in the field of software engineering. New component development technologies aim to enhance the efficiency of component development and performance. However, problems related to component reliability and security have not been effectively solved, which worries the component developer and user. Presently, a few approaches for software security testing are being used; these are mainly derived from traditional software testing approaches. These approaches, however, are unsuitable for component security testing, especially the third-party component testing. These traditional testing approaches mainly focus on functionality testing, which, to some extent, can satisfy the requirements for functionality testing of components and component systems. However, these approaches themselves are not yet mature, for most components source code is unavailable and the components are extremely independent, which challenges the security testing of the third-party components..The security of third-party components blocks the development of component technology, and it is also an important part of software quality system. Security testing is an effective means to ensure this characteristic. The third-party components are our research object in this project. At first, the explicit and implicit characteristics of security vulnerabilities are researched when the third-party components are run in static or dynamic mode. A model of component security testing is given based on data mining technology, and then based on this testing model, frequent itemsets and sequential pattern mining algorithms are applied to generate the effective component methods and interface methods execution sequences. The component state transition diagram is derived, and further the testing sequences of interface methods are generated. The conditions and status mutation algorithms are given to mutate the testing sequences based on the testing sequences. The mutation testing sequences are generated by using the mutation algorithms, and security vulnerabilities are detected by executing the testing sequences. In addition, according to the monitoring log of tested components and insecure testing sequences generated by mutation testing, the security association rules, exceptional methods and exceptional method execution sequences are obtained by using data classification technology, frequent itemsets and sequence mining algorithms, and then the security testing report is generated. This research will provide some new approaches and ideas for security testing of the third-party components, which will further promote the development of component-based software engineering.