Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (5): 51-54. DOI: 10.3778/j.issn.1002-8331.2010.05.016

• Research, Design and Testing •

Method to detect leaks of use case in security requirement analysis

LI Xiao-hong,WANG Xiang-yu,FENG Zhi-yong   

  1. College of Computer Science and Technology,Tianjin University,Tianjin 300072,China
  • Received:2009-04-01 Revised:2009-05-16 Online:2010-02-11 Published:2010-02-11
  • Contact: LI Xiao-hong

Abstract: A method based on attack patterns is proposed to help software designers detect vulnerabilities ("leaks") in the use cases of an originally designed use case diagram. The method builds on formalized use cases and treats misuse cases, which carry the security-critical information, as special attributes of a use case. Information about potential misuse cases is collected through interaction with the customer, and from it the misuse-point of the use case is calculated. Comparing the misuse-point of a target use case with those of the defined attack patterns determines whether the target use case is related to particular misuse cases or attack patterns. This exposes possible vulnerabilities in the use cases, and feasible mitigations can then be proposed.

Key words: security requirement analysis, misuse case, attack pattern
