General safety test generation method based on threat modeling

A security test and test sequence technology, applied in the field of general security test generation based on threat modeling, can solve the problems of lack of cause and condition analysis, can not guide development and test design well, and achieve the effect of solving security problems
CN113282507APending Publication Date: 2021-08-20NANJING UNIV
2 Cites 4 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANJING UNIV
Publication Date
2021-08-20

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses a general safety test generation method based on threat modeling. The method comprises the following steps: modeling according to system user requirements; performing threat recognition on the system by using STRIDE, and generating a threat type corresponding to each element; generating a universal threat mode tree based on the generated threat type, and then generating a universal test sequence based on the generated threat mode tree; and finally, formulating a universal test case based on the generated test sequence. According to the method, the defects that in the prior art, threats are recognized by using an STRIDE method of Microsoft, but specific analysis on reasons and conditions of occurrence of the threats is lacked, subsequent development and test design cannot be well guided, and safety problems cannot be fundamentally solved are overcome, universal tests can be generated on the basis of STRIDE, and the method has the advantages of being high in practicability and easy to popularize. Threat recognition and analysis are transited to test design, and the effect of fundamentally solving the safety problem can be well achieved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of requirement modeling and security testing in the field of software engineering, in particular to a general security testing generation method based on threat modeling. Background technique

[0002] As software is widely used, it has become an indispensable part of people's life and work. The use of software has brought convenience to people, and the security of software has also caused great trouble for people. The security of software becomes particularly important. With the increase of the product scale, if the security loopholes and defects of the software are repaired in the later stage of software testing or after the completion of the software construction, the losses will be huge. Only by identifying the threats faced by the system from the early requirements and design stages of software development, and solving them as soon as possible, and building safe software, can the software quality be bett...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More