Security repository-based security requirement acquisition method

A security requirement acquisition method based on a security knowledge base, applied in the field of security requirements acquisition. It addresses the lack of a unified security requirements analysis and acquisition method, the lack of a security requirements method, and time and energy consumption, with the effect of reducing costs, improving development efficiency, and reducing repair costs.

Inactive Publication Date: 2011-11-09
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

[0005] To sum up, research on security requirements engineering methods in the early stage is flourishing, but there is no unified security requirements analysis and acquisition method.
Moreover, these methods generally rely on the subjective experience of security experts. The implementation of the security requirements enginee



Embodiment Construction

[0027] The present invention proposes a method for obtaining security requirements based on CC (Common Criteria), which performs semi-automatic analysis and detection of the possible security threats to assets in the software system during the software requirements stage. On the one hand, this improves the security of the software system; on the other hand, it reduces the cost of mitigating security holes. The method first establishes an asset threat knowledge base by abstracting and classifying the common assets and threats of application systems. It then analyzes the system use case diagram to obtain the key assets, matches those key assets against the asset threat knowledge base, and automatically derives the threats and CC security function components, from which the security requirements are obtained. The introduction is as follows:

[0028] 3) Build asset threat knowledge base

[0029] The construction of the knowledge base includes three parts: assets, threats and security function components. H...
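The matching step described in [0027], as an added example that is not part of the patent: use cases are scanned for assets, assets are joined to threats and threats to CC security functional components, and use cases with no match are returned for the next iteration. The knowledge base contents, keyword matching, use cases and function names are constructed for illustration; the component identifiers are from Common Criteria Part 2.

```python
import re
from typing import NamedTuple

class Requirement(NamedTuple):
    use_case: str
    asset: str
    threat: str
    sfr: str  # CC Part 2 security functional component

# Constructed sample knowledge base (assumption, not the patent's contents).
KEYWORD_ASSET = {"password": "credential", "pin": "credential",
                 "transfer": "transaction_record", "payment": "transaction_record"}
ASSET_THREATS = {"credential": ["disclosure", "spoofing"],
                 "transaction_record": ["tampering", "repudiation"]}
THREAT_SFRS = {"disclosure": ["FCS_COP.1", "FDP_ACC.1"],
               "spoofing": ["FIA_UAU.2", "FIA_AFL.1"],
               "tampering": ["FDP_SDI.2"],
               "repudiation": ["FCO_NRO.1", "FAU_GEN.1"]}

def find_assets(description, keyword_asset):
    """Return the asset classes whose keywords occur in a use case description."""
    words = set(re.findall(r"[a-z_]+", description.lower()))
    return sorted({asset for kw, asset in keyword_asset.items() if kw in words})

def acquire(use_cases, keyword_asset=KEYWORD_ASSET):
    """Return (requirements, gaps); gaps are use cases with no known asset."""
    reqs, gaps = [], []
    for name, text in use_cases.items():
        assets = find_assets(text, keyword_asset)
        if not assets:
            gaps.append(name)  # goes back to an analyst before the next pass
        for asset in assets:
            for threat in ASSET_THREATS[asset]:
                reqs.extend(Requirement(name, asset, threat, sfr)
                            for sfr in THREAT_SFRS[threat])
    return reqs, gaps

# Constructed use cases for a hypothetical online banking system.
USE_CASES = {"Login": "Customer enters account number and password",
             "Transfer funds": "Customer submits a transfer to another account",
             "Export statement": "Customer downloads a monthly statement"}

if __name__ == "__main__":
    reqs, gaps = acquire(USE_CASES)
    for r in reqs:
        print(*r, sep=" | ")  # each row traces requirement -> threat -> asset
    print("needs analyst review:", gaps)
    # Iteration: the analyst extends the knowledge base and the match is rerun.
    extended = {**KEYWORD_ASSET, "statement": "transaction_record"}
    print(len(acquire(USE_CASES, extended)[0]), "requirements after iteration")
```

Each output row keeps the use case, asset and threat alongside the component, so a derived requirement can be traced back to the reason it was selected.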


Abstract

The invention belongs to the field of dependable computing, and relates to a security repository-based security requirement acquisition method. The method comprises two parts: 1, classifying assets and threats respectively, establishing correspondence, and constructing an asset-threat repository comprising the assets, the threats and a security functional component; and 2, performing a specific security requirement acquisition process which comprises the steps of analyzing a case, determining the asset, analyzing the threat, detailing the security requirement and iterating the security requirement. The method is mainly used for security requirement analysis and information acquisition of software at a requirement analysis stage by using CC (Common Criteria) standard, so that the security flaw at the early stage of software development is reduced.

Description

Technical field

[0001] The invention proposes a security requirement acquisition method for the requirements stage of software development. It aims at improving the security and credibility of software, and belongs to the field of software security.

Background technique

[0002] With the wide application of computer software, software security issues have become the focus of attention of users in various industries. Efficient design and development of trusted software is an important goal of today's software developers. As a rule of thumb, in the software development process, the earlier a problem is found, the less expensive it is to fix. Research data also shows that when security analysis and security engineering are introduced in the early stages of software development, the return rate of software development is as high as 10% to 20%. From the perspective of procedural software engineering, requirements analysis is the first step in software development. Then, high-quality...


Application Information

IPC(8): G06F21/00
Inventor: 李晓红, 许光全, 胡昌, 胡静, 冯志勇
Owner: TIANJIN UNIV