Formalized modeling based software security requirement acquisition method

A formal modeling and software security technology, applied in electrical digital data processing, instruments, platform integrity maintenance, etc. It addresses problems such as being suitable only for security experts rather than general users, and an unsatisfactory degree of standardization and ease of use, and achieves strong universality and improved accuracy.

Active Publication Date: 2015-09-02
TIANJIN UNIV
4 Cites, 9 Cited by

AI Technical Summary

Problems solved by technology

The emergence of the international security standard ISO/IEC 15408 (the CC standard) has guided the development and evaluation of information security products around the world. However, its standardization and ease of use are not satisfactory. It is very broad, and it is quite difficult for ordinary users to fully understand its content; it is suitable only for security experts.


Embodiment Construction

[0018] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments, but the implementation scope of the present invention is not limited thereto.

[0019] Based on CWE, CAPEC and other international common vulnerability and threat information databases, the present invention uses a formal language to describe system assets, behaviors and defects, and establishes a comprehensive security knowledge base covering assets, system behaviors, defects, threats, security objectives, security policies, security assumptions, security requirement levels, security assurance levels, security functional requirements, and security assurance requirements.

[0020] The present invention mainly has three parts. Firstly, the system behavior sub-library is added to the knowledge base, and the mapping relationship between each sub-library is constructed. At the same time, assets, defects and system behaviors are formalized to obtain...


Abstract

The invention discloses a formalized modeling based software security requirement acquisition method. The method includes functional requirement acquisition, security environment analysis, security objective analysis, security requirement elicitation and final generation of a system security requirement file, wherein the file at least includes information of system asset, behavioral sequence, defects, threats, security strategies, security assumptions, security objectives, security requirement levels, security guarantee levels, security functional modules and security guarantee modules. Compared with the prior art, the formalized modeling based software security requirement acquisition method has the advantages that automation in acquisition of software security requirements is realized while precision in acquisition of the security requirements is greatly improved; the problems of failure in realization of computer processing, ambiguity and fuzziness of security knowledge bases in natural language description are solved to lay the foundation for automatic elicitation of the software security requirements; the method which is a typical software security requirement acquisition method is applicable to different types of software systems and high in universality.

Description

Technical field

[0001] The invention relates to the technical field of software security, in particular to a technology for acquiring software security requirements.

Background technique

[0002] With the widespread application of computers, software and information systems have penetrated into all walks of life and play an important role in the information society. However, software security issues come with high maintenance costs throughout the software life cycle, and these continuously increasing operating costs require organizations to carefully consider how they address software security issues.

[0003] Software security requirements engineering can greatly improve the quality of developed software and reduce the cost of development and maintenance, but it has not attracted enough attention from the industry, and it also lacks comprehensive consideration of software assets, software defects, security goals, threat analysis and risk assessment, etc. Engineering framework ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/57, G06F2221/033
Inventor: 李晓红, 李洪波, 吴晓菲, 孙达志, 张蕾
Owner: TIANJIN UNIV