| 面向对象的威胁建模方法 |
| |
| 引用本文: | 何可,李晓红,冯志勇.面向对象的威胁建模方法[J].计算机工程,2011,37(4):21-23. |
| |
| 作者姓名: | 何可 李晓红 冯志勇 |
| |
| 作者单位: | 天津大学计算机科学与技术学院,天津,300072 |
| |
| 基金项目: | 国家自然科学基金资助项目,国家"863"计划基金资助项目 |
| |
| 摘 要: | 为提高软件设计的可信性,提出一种面向对象的威胁建模方法,不仅能够捕捉数据流中存在的威胁,而且能够捕捉控制流中存在的威胁。基于攻击路径,从成本效益角度更准确地评估威胁,根据评估结果制定缓和方案并确定优先级,应用缓和方案改进软件设计,有效地缓和威胁,增强系统安全性。实现一个面向对象的威胁建模工具,并以实例进行了验证。
|
| 关 键 词: | 威胁建模 软件安全 面向对象 |
Approach to Object Oriented Threat Modeling |
| |
| HE Ke,LI Xiao-hong,FENG Zhi-yong.Approach to Object Oriented Threat Modeling[J].Computer Engineering,2011,37(4):21-23. |
| |
| Authors: | HE Ke LI Xiao-hong FENG Zhi-yong |
| |
| Affiliation: | (School of Computer Science and Technology,Tianjin University,Tianjin 300072,China) |
| |
| Abstract: | To improve trustworthiness of software design, this paper presents an object oriented threat modeling approach. This approach captures not only threats existed in data flow, but also threats existed in control flow. To precisely evaluate threats, this approach adopts an attack path based evaluation method in terms of cost-effectiveness. According to the evaluation results, mitigation measures are designed and prioritized. Applying the mitigation measures to the design of software can effectively mitigate threats and enhance the security of applications. An object oriented threat modeling tool is implemented. A case study is given to demonstrate the approach. |
| |
| Keywords: | threat modeling software security object oriented |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
