Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Evaluation method for Web application architecture security based on AADL

A web application and security technology, applied in computer security devices, platform integrity maintenance, instruments, etc., can solve problems such as inaccurate software architecture description accuracy, inability to fully meet security evaluation requirements, and affect the quality of construction models

Active Publication Date: 2017-08-29
TIANJIN UNIV
View PDF5 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, the above assessment techniques mainly have two shortcomings: on the one hand, the existing assessment techniques are more suitable for assessing the reliability and usability of software architectures, and cannot fully meet the assessment requirements for security
On the other hand, the "heavyweight" evaluation technology has a high cost, the "lightweight" evaluation method has a low degree of practicality, and the "lightweight" evaluation method is not accurate in describing the software architecture, which affects the evaluation The quality of the model constructed in the method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Evaluation method for Web application architecture security based on AADL
  • Evaluation method for Web application architecture security based on AADL
  • Evaluation method for Web application architecture security based on AADL

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0082] The technical solutions of the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0083] like figure 1 As shown, it is the overall evaluation process of the AADL-based Web application architecture security evaluation method of the present invention. The method mainly includes four parts. First, it decomposes the Web application architecture; Descriptive analysis is carried out to construct the AADL architecture model; then the architecture security model is generated through the model replacement tool; finally, the architecture security value is calculated according to the security calculation method, and the security evaluation is performed based on the architecture security value. The detailed description of main steps of the present invention is as follows:

[0084]Step 1. Decomposing the Web application architecture. This step includes two activities: decomposing the Web application ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an evaluation method for the Web application architecture security based on AADL. The evaluation method includes the steps that (1) a Web application architecture is decomposed; (2) an AADL architecture security model is established, wherein an AADL architecture description model and an AADL architecture security threat model are established; (3) an architecture security tree model is generated, and comprises an architecture security quality tree and an architecture security threat tree; (4) an architecture security value and an architecture security threat value are calculated. According to the evaluation method for the Web application architecture security based on AADL, the security of the architecture can be actively evaluated in the design stage of the Web application architecture to assist architecture designers in discovering the security problems existing in the Web application architecture as early as possible, the security quality of the architecture is improved, and therefore the Web application security is improved.

Description

technical field [0001] The invention relates to the field of trusted computing; in particular, it relates to a method for evaluating the security of a Web application framework. Background technique [0002] At present, web applications are closely related to people's daily life. However, in recent years, security vulnerabilities of web applications have been exposed continuously, and the negative impact of security problems has become more and more serious, even threatening human life. of close attention. According to TOPTen issued by OWASP, an internationally authoritative web application security organization, it can be seen that among the effective network attacks in the world, those based on web applications account for 80%. It can be seen that it is imminent to solve the problem of web application security. [0003] In order to reduce and solve the security problems in Web applications, the consensus of secure software development is to consider security issues as ea...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 李晓红李姝昕
Owner TIANJIN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com