| 面向等级保护的软件安全需求分析方法研究 |
| |
| 引用本文: | 江雷,朱建平.面向等级保护的软件安全需求分析方法研究[J].信息网络安全,2011(9):101-103. |
| |
| 作者姓名: | 江雷 朱建平 |
| |
| 作者单位: | 公安部信息安全等级保护评估中心,北京,100142 |
| |
| 摘 要: | 文章分析了在等级保护过程中进行威胁建模的必要性,结合《实施指南》提出一种基于威胁建模的软件安全需求分析方法,通过威胁一攻击图(TAG)评估攻击,根据评估结果及《基本要求》确定应对方案,将等级保护思想融入到软件安全设计阶段中,使得应对方案能更高效地改进软件设计以增强软件安全性,并通过实际案例对本方法进行了验证。
|
| 关 键 词: | 等级保护 软件安全 威胁建模 |
Research on Software Security Requirement Analysis Based on Information Classified Security Protection |
| |
| JIANG Lei,ZHU Jian-ping.Research on Software Security Requirement Analysis Based on Information Classified Security Protection[J].Netinfo Security,2011(9):101-103. |
| |
| Authors: | JIANG Lei ZHU Jian-ping |
| |
| Affiliation: | ( MPS Information Classified Security Protection Evaluation Center, Beijing 100142, China ) |
| |
| Abstract: | In this paper, the necessity of threat modeling during the process of information system classified security protection is analysed. Combined with the "Implementation Guide", a method of software security requirements analysis, which evaluated the risk by generating threat-attack graph and figures out the responses based on the assessment and the "basic requirements ", is proposed. By applying this method, the idea of information classified security protection is introduced into the software design phase, which facilitates the development of software security. A case is given to test the validity of the method. |
| |
| Keywords: | information classified security protection software security threat modeling |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
