General safety test generation method based on threat modeling

A security test and test sequence technology, applied in the field of general security test generation based on threat modeling, can solve the problems of lack of cause and condition analysis, can not guide development and test design well, and achieve the effect of solving security problems

Pending Publication Date: 2021-08-20
NANJING UNIV
View PDF2 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method is only used to identify threats, and lacks specific analysis of the causes and conditions of threats. It cannot guide subsequent development and test design well, and fundamentally solve security problems.
The existing security tests are not well connected with the STRIDE method. They are specific tests for specific threats.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • General safety test generation method based on threat modeling
  • General safety test generation method based on threat modeling
  • General safety test generation method based on threat modeling

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0033] see Figure 1-4 , the present invention provides a technical scheme: a general security test generation method based on threat modeling, the method comprises the following steps:

[0034] S100: Modeling based on system user requirements; this example is the user's requirement for logging in to an e-wallet account, and modeling is performed according to the system user's requirement for logging in to an e-wallet account, and a d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a general safety test generation method based on threat modeling. The method comprises the following steps: modeling according to system user requirements; performing threat recognition on the system by using STRIDE, and generating a threat type corresponding to each element; generating a universal threat mode tree based on the generated threat type, and then generating a universal test sequence based on the generated threat mode tree; and finally, formulating a universal test case based on the generated test sequence. According to the method, the defects that in the prior art, threats are recognized by using an STRIDE method of Microsoft, but specific analysis on reasons and conditions of occurrence of the threats is lacked, subsequent development and test design cannot be well guided, and safety problems cannot be fundamentally solved are overcome, universal tests can be generated on the basis of STRIDE, and the method has the advantages of being high in practicability and easy to popularize. Threat recognition and analysis are transited to test design, and the effect of fundamentally solving the safety problem can be well achieved.

Description

technical field [0001] The invention relates to the technical field of requirement modeling and security testing in the field of software engineering, in particular to a general security testing generation method based on threat modeling. Background technique [0002] As software is widely used, it has become an indispensable part of people's life and work. The use of software has brought convenience to people, and the security of software has also caused great trouble for people. The security of software becomes particularly important. With the increase of the product scale, if the security loopholes and defects of the software are repaired in the later stage of software testing or after the completion of the software construction, the losses will be huge. Only by identifying the threats faced by the system from the early requirements and design stages of software development, and solving them as soon as possible, and building safe software, can the software quality be bett...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F21/57G06F21/56
CPCG06F11/3684G06F11/3688G06F21/577G06F21/56
Inventor 付昌兰张贺李杉杉荣国平邵栋
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap