Threat modeling method added with attack path formalization analysis

A threat modeling method with attack path analysis, applied in the fields of instruments, electronic digital data processing, computer security devices, etc. It addresses problems such as the exploitation of software defects, with the effect of reducing security defects, broadening the scope of application, and lowering the technical threshold.

Inactive Publication Date: 2010-02-24
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

However, the current Russian related technologies have not been able to effectively use UML for the analysis of potential software defect information.


Embodiment Construction

[0043] The present invention is divided into the following two main processes:

[0044] (1) Threat Acquisition

[0045] First, create an overview of the application or system, described with a use case diagram. The key to drawing a use case diagram is use case modeling. The typical use case modeling process is: find the boundaries, participants and use cases of the alternative applications or systems, and iterate this process until the system boundaries, participants and use cases have stabilized. In this process, the main purpose of use case modeling is to identify the assets of the application or system, and the number of iterations of use case modeling is decided on that basis. The initial stage of use case modeling is to estimate the application or system boundary to help define the modeling activities; then iterate on the activities whose output is the use case model, including:

[0046] 1) Application or system boundary: Describe the boundary of the application o...


Abstract

The invention discloses a threat modeling method with added formalized attack path analysis. In the software design stage, software defect information is extracted by decomposing the application or system with UML activity diagrams, and threat modeling is carried out. The method includes the following steps: creating and modeling use cases; creating an overview of the application or system; decomposing the application or system using the activity diagram; using the acquired key asset information as the threat object, creating a threat tree with the threat object as the root node, and assigning values to all nodes in the threat tree, including the root node and the leaf nodes; classifying and evaluating the threat object; and calculating the attack paths of the threat tree. Compared with the prior art, the invention can reduce security defects in software products and improve software quality, broadens the application range of threat modeling, obtains a more comprehensive and accurate threat mitigation scheme, automates threat modeling, and greatly reduces the technical threshold, cost and development period of trusted software development.
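The threat-tree steps in the abstract (threat object as root, values assigned to nodes, attack paths calculated) can be sketched as follows. This is an added example, not code from the patent: the AND/OR gate types, the meaning of a leaf value (relative attacker effort), the rule that the root takes the value of its cheapest path, and all node names are assumptions, since the abstract does not specify them.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    gate: str = "LEAF"   # assumed gate types: "OR", "AND", "LEAF"
    value: int = 0       # assumed leaf value: relative attacker effort
    children: list = field(default_factory=list)

def attack_paths(node):
    """Every set of leaf conditions that together realise the threat at node."""
    if node.gate == "LEAF":
        return [frozenset([node.name])]
    per_child = [attack_paths(c) for c in node.children]
    if node.gate == "OR":    # any single child suffices
        return [p for paths in per_child for p in paths]
    # AND: combine one path from each child
    return [frozenset().union(*combo) for combo in product(*per_child)]

def leaf_values(node, acc=None):
    acc = {} if acc is None else acc
    if node.gate == "LEAF":
        acc[node.name] = node.value
    for child in node.children:
        leaf_values(child, acc)
    return acc

def ranked_paths(root):  # (sorted leaf names, summed value), cheapest first
    values = leaf_values(root)
    scored = {p: sum(values[n] for n in p) for p in attack_paths(root)}
    return sorted(((sorted(p), v) for p, v in scored.items()), key=lambda x: (x[1], x[0]))

def root_value(root):  # assumed rule: root takes the cheapest path's total
    return ranked_paths(root)[0][1]

# Constructed sample tree; the threat object (a key asset) is the root.
SAMPLE = Node("customer records disclosed", "OR", children=[
    Node("direct database read", "AND", children=[
        Node("credentials_in_config", value=3),
        Node("db_port_reachable", value=4)]),
    Node("unvalidated_query_input", value=5),
    Node("backup copy read", "AND", children=[
        Node("backup_unencrypted", value=2),
        Node("backup_store_public", value=6)]),
])

if __name__ == "__main__":
    for leaves, value in ranked_paths(SAMPLE):
        print(value, leaves)
```

The lowest-valued paths are the ones to mitigate first; removing any one leaf of an AND branch eliminates that whole path.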

Description

Technical field

[0001] The invention relates to the field of software development and design, in particular to a trusted software construction technology, taking the software development process as the research object, discovering and analyzing software defects in the software design stage, and developing trusted software.

Background technique

[0002] With the popularity of computers and the Internet, software has become an important carrier for resource acquisition and utilization in the information age. However, a large number of software defects lead to the unsatisfactory production status of the software. In this situation, the safety of the software has become an important guarantee for the normal and efficient operation of various tasks. At present, the research on software trustworthiness and security mainly has three perspectives: 1) From the perspective of software developers, research software security engineering methodology; 2) From the perspective of attackers,...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/44, G06F21/22
Inventor: 李晓红, 邢金亮, 许光全, 刘然, 丁刚刚
Owner: TIANJIN UNIV