| 一种安全需求分析中的用例漏洞检测方法 |
| |
| 引用本文: | 李晓红,王翔宇,冯志勇.一种安全需求分析中的用例漏洞检测方法[J].计算机工程与应用,2010,46(5):51-54. |
| |
| 作者姓名: | 李晓红 王翔宇 冯志勇 |
| |
| 作者单位: | 天津大学 计算机科学与技术学院,天津 300072 |
| |
| 基金项目: | 国家自然科学基金No.90718023;;国家高技术研究发展计划(863)No.2007AA01Z130~~ |
| |
| 摘 要: | 提出一种基于攻击模式的用例漏洞检测方法,用于对需求分析人员设计的用例图进行漏洞检测。该方法以形式化用例作为基础,把误用例作为安全攸关信息的载体、设置为用例的特殊属性。通过与用户的交互完成误用例相关属性的信息采集,并进一步运用这些信息计算出用例的误用例指数。将此指数与预定义的攻击模式相关指数进行对比,以此来判断该用例是否与某个特定误用例、某些特定攻击模式相关。从而检测到用例图中的用例漏洞,并在此基础上提出可行建议。
|
| 关 键 词: | 安全需求分析 误用例 攻击模式 |
| 收稿时间: | 2009-4-1 |
| 修稿时间: | 2009-5-16
|
Method to detect leaks of use case in security requirement analysis |
| |
| LI Xiao-hong,WANG Xiang-yu,FENG Zhi-yong.Method to detect leaks of use case in security requirement analysis[J].Computer Engineering and Applications,2010,46(5):51-54. |
| |
| Authors: | LI Xiao-hong WANG Xiang-yu FENG Zhi-yong |
| |
| Affiliation: | College of Computer Science and Technology,Tianjin University,Tianjin 300072,China |
| |
| Abstract: | A method based on attack patterns is proposed to help software designers to detect the leaks of use cases in the original designed use case diagram.Then some feasible mitigations can be expected.The method,based on the formulation of use cases,takes misuse cases as the special attributes of use case which are concerned to security.The information involved potential misuse case is supposed to be got from the interaction with customer.On this basis,the misuse-point can be calculated.The comparison between the... |
| |
| Keywords: | security requirement analysis misuse case attack pattern |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
