| 软件安全建模与检测 |
| |
| 引用本文: | 晁永胜,郑秋梅. 软件安全建模与检测[J]. 计算机仿真, 2007, 24(10): 86-88,114 |
| |
| 作者姓名: | 晁永胜 郑秋梅 |
| |
| 作者单位: | 中国石油大学计算机及通讯学院,山东,东营,257061;胜利测井公司,山东,东营,257095;中国石油大学计算机及通讯学院,山东,东营,257061 |
| |
| 摘 要: | 为有效表示和检测软件中存在的安全缺陷和隐患,提出了一种软件安全建模与检测技术--层次融合安全建模与检测技术.该技术采用多点建模技术,通过结合抽象建模、应用建模和数据建模等机制来实现对安全特征的描述.此外该技术利用表示层、应用层等不同抽象层次的建模信息,通过自动机与模型合成技术来构建安全特征模型.最后结合基于应用切片技术对软件中的安全缺陷与隐患进行检测.该技术克服了常规安全建模与检测中存在的缺点,可以有效表示和检测各种安全特征,提高了安全模型的表达力、复用性和适用性,降低了安全检测的复杂度.
|
| 关 键 词: | 安全模型 程序切片 安全检测 |
| 文章编号: | 1006-9348(2007)10-0086-03 |
| 修稿时间: | 2006-09-052006-09-24 |
Software Security Modeling and Checking |
| |
| CHAO Yong-sheng,ZHENG Qiu-mei. Software Security Modeling and Checking[J]. Computer Simulation, 2007, 24(10): 86-88,114 |
| |
| Authors: | CHAO Yong-sheng ZHENG Qiu-mei |
| |
| Affiliation: | 1.College of Computer and Communication Engineering;China University of Petroleum;Dongying Shandong 257061;China;2.Shengli Well Logging Corporation;Dongying Shandong 257095;China |
| |
| Abstract: | In order to effectively express and check security drawbacks and hazards hidden in software,a modeling and checking technique of software security,security modeling and checking by cohesion,is presented.A multi-model composition is applied to combine abstract models and application models with data models to describe security hazards.In addition,extraction of modeling information from different layers is in with automata and construction of models to fabricate models of security hazards.Finally,in collaboration with application-based slicing,security drawbacks and hazards hidden in software are checked.The technique of modeling and checking can express various security hazards.Therefore,expressivity,reusability and adaptability of modeling are improved.Meanwhile complexity of checking and analyzing is reduced. |
| |
| Keywords: | Security model Program slicing Security checking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
