Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System-asset-based software security requirement analysis method

A technology for demand analysis and software security, applied in computer security devices, instruments, electrical digital data processing, etc., can solve the problems of low efficiency, consume a lot of time and energy, and use high thresholds, and achieve the goal of improving development efficiency, reducing development costs, The effect of improving safety

Inactive Publication Date: 2012-11-28
TIANJIN UNIV
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, the current security requirements analysis using CC has the following problems: 1) The whole process requires the participation of security experts and relies on the subjective experience of security experts, especially in the process of security function selection, the quality of component selection directly affects software security The accuracy of the requirements makes its use threshold relatively high, and most civilian systems will not be available; 2) The user's participation is too frequent, the analysis process consumes a lot of time and energy, and the efficiency is very low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System-asset-based software security requirement analysis method
  • System-asset-based software security requirement analysis method
  • System-asset-based software security requirement analysis method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The specific implementation, structure, features and effects provided by the present invention will be described in detail below in conjunction with the accompanying drawings and preferred embodiments.

[0023] The system principle of the present invention, such as figure 1 As shown, it includes two processes. Process 1: First, the establishment of the corresponding relationship between the system asset category and the security function component, and the establishment of the corresponding relationship between the asset and the security function component. This process is also After the construction process of the knowledge base is completed, it can be used as empirical knowledge in each specific development;

[0024] The process includes the following steps:

[0025] 1-1. Classification of system assets, threats, and attack modes

[0026] System assets are objects that need to be protected in the system or entities that are closely related to system functions. A th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a system-asset-based software security requirement analysis method. The method comprises the following steps of: 1, establishing the corresponding relation between system asset categories and security functional components, and the corresponding relation between assets and threats which may appear among the security functional components, constructing a security knowledge library, classifying system assets, threats and attack modes, and establishing the corresponding relation so as to ensure that the corresponding security components can be determined from the system assets; and 2, acquiring the corresponding security functional components in the security knowledge library aiming at the concrete system development according to the system assets determined by requirement personnel, performing refined selection by security requirement analysts in consideration of concrete technologies and security policies, and describing the finally selected security functional components into a security profile specification. Compared with the prior art, the method has the advantages that requirement analysts who have inadequate security knowledge can quickly perform security requirement analysis, the difficulty of the analysis of security functional requirements is effectively reduced, and the development cost of security requirements is reduced.

Description

technical field [0001] The invention relates to the technical field of software safety engineering; in particular, it relates to a software safety requirement analysis method. Background technique [0002] With the continuous development of the Internet and computer applications, software has penetrated into various fields of modern society and plays a vital role in the information society. However, the threat caused by software quality problems is becoming more and more serious. When people enjoy convenient services such as online transfer, online shopping, and online office provided by the software, they are also facing account leakage, important file leakage, and property loss. and other serious security issues. Therefore, software security issues have become the focus of attention of users in various industries, and effective design and development of trusted software is an important goal of today's software developers. [0003] Years of best practice experience in the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/22
Inventor 李晓红朱明悦徐超王鑫胡昌柳懿真
Owner TIANJIN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com