Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software safety defect library system based on attack mode and management method thereof

A software security and defect technology, which is applied in the field of software security defect discovery and resolution based on attack patterns, can solve problems such as not being able to combine system attack patterns well, not systematically combining attackers, etc., to achieve rich defect semantic information, input High library operation efficiency and the effect of improving work efficiency

Active Publication Date: 2009-06-10
江苏永达电力电信安装工程有限公司
View PDF0 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, most of the research at home and abroad is carried out in isolation from the above two unilateral aspects, without systematically combining the relationship and mutual influence among attackers, software defects and software development process, so it cannot be well combined with the system attack mode , the software security issues brought about by the classification and management of software defects

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software safety defect library system based on attack mode and management method thereof
  • Software safety defect library system based on attack mode and management method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] Effective classification and management of defects is conducive to improving the management level and quality of software projects. By establishing a security defect library to dynamically collect and manage software defects, it provides a favorable space for the storage, classification and management of software defects. To achieve this goal, a defect classification method for secure software defect libraries needs to be developed. The purpose of classification is to measure software defects and analyze the process causes of software defects, improve the software process, prevent software defects, improve software quality, and improve the maturity of the organization's software development capabilities.

[0029] Design idea of ​​the present invention comprises:

[0030] 1) Study the classification system of attack patterns and software defects, summarize the mapping relationship from attack patterns to software defect structures, and give a formalized security softwar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software security defect database system based on an attack mode, which comprises a construction unit of a security defect database, a management unit of the security defect database, and a security defect body. The software security defect database system is characterized in that the construction unit of the security defect database comprises the steps of establishing a mapping from the attack mode to a software defect structure, establishing a mapping from the attack mode to a security defect and a mapping from the security defect to a corresponding alleviation proposal, and constructing the two mappings into a unified model; and the management unit of the security defect database comprises a security defect information acquisition module and a security defect information classification module, wherein information acquisition is based on WEB subject mining technology, and defect classification is based on body technology. The software security defect database system simultaneously combines external attack mode analysis and a security-oriented software development cycle to construct a security defect database model, so as to reduce security defects of software products and improve the quality of software, thereby the software security defect database system meets different demands on software security defect examples in different stages and can be used for supporting the data service of the security defect model.

Description

technical field [0001] The invention relates to a software construction method, in particular to a method for discovering and solving software security defects based on an attack mode in the software development cycle. Background technique [0002] With the popularization of the Internet and the improvement of requirements for software security and credibility, software defects lead to unsatisfactory development status of software. Software defects are components in software work products that do not meet the specified requirements, and are the internal causes of software failures or even failures. Its production runs through the entire software project development life cycle. To fundamentally reduce the development cost of safe and reliable software and improve the reliability of the developed software, it is necessary to pay attention to such software defects and problems in the early stages of requirements and design. nature. The attack mode describes the behavior proce...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30G06F21/00G06F21/60
Inventor 李晓红许光全刘然丁刚刚邢金亮
Owner 江苏永达电力电信安装工程有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com