期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

面向对象的威胁建模方法 被引量:9

Approach to Object Oriented Threat Modeling
下载PDF
导出
摘要 为提高软件设计的可信性,提出一种面向对象的威胁建模方法,不仅能够捕捉数据流中存在的威胁,而且能够捕捉控制流中存在的威胁。基于攻击路径,从成本效益角度更准确地评估威胁,根据评估结果制定缓和方案并确定优先级,应用缓和方案改进软件设计,有效地缓和威胁,增强系统安全性。实现一个面向对象的威胁建模工具,并以实例进行了验证。 To improve trustworthiness of software design, this paper presents an object oriented threat modeling approach. This approach captures not only threats existed in data flow, but also threats existed in control flow. To precisely evaluate threats, this approach adopts an attack path based evaluation method in terms of cost-effectiveness. According to the evaluation results, mitigation measures are designed and prioritized. Applying the mitigation measures to the design of software can effectively mitigate threats and enhance the security of applications. An object oriented threat modeling tool is implemented. A case study is given to demonstrate the approach.
作者 何可 李晓红 冯志勇
机构地区 天津大学计算机科学与技术学院
出处 《计算机工程》 CAS CSCD 北大核心 2011年第4期21-23,26,共4页 Computer Engineering
基金 国家自然科学基金资助项目(90718023) 国家"863"计划基金资助项目(2007AA01Z130)
关键词 威胁建模 软件安全 面向对象 threat modeling software security object oriented
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献6

  • 1Michael H, David L. Writing Secure Code[M]. Redmond, Washington, USA: Microsoft Press, 2003.
  • 2李建,刘吉强,周正,沈昌祥,张俊.可信移动平台软件安全载入策略模型研究[J].计算机工程,2009,35(2):148-150. 被引量:7
  • 3陈火旺,王戟,董威.高可信软件工程技术[J].电子学报,2003,31(z1):1933-1938. 被引量:115
  • 4Dewri R, Poolsappasit N, Ray I, et al. Optimal Security Hardening Using Multi-objective Optimization on Attack Tree Models of Networks[C]//Proc. of CCS'07. Alexandria, Virginia, USA:[s. n.], 2007.
  • 5Gran B A, Fredriksen R, Thunem A P J. Addressing Dependability by Applying an Approach for Model-based Risk Assessment[J]. Reliability Engineering & System Safety, 2007, 92(11):1492-1502.
  • 6Li Xiaohong, He Ke. A Unified Threat Model for Assessing Threat in Web Applications[C]//Proc. of the 2nd International Conference on Information Security and Assurance. Busan, Korea: [s. n.], 2008.

二级参考文献46

  • 1陈泽茂,沈昌祥.基于操作系统安全的计算机病毒防御策略[J].武汉理工大学学报,2004,26(9):75-77. 被引量:4
  • 2谢俊杰,孟利民.软件无线电的软件下载与安全策略[J].计算机与数字工程,2006,34(5):24-26. 被引量:2
  • 3Pisko E, Rannenberg K, Roβnagel H. Trusted Computing in Mobile Platforms Players, Usage Scenarios, and Interests[J]. Datenschutz and Datensicherheit, 2005, 9(29): 526-530.
  • 4Cook P G. Wireless Software Download Security[EB/OL]. (2006-06-14). http://www.sdfforum.org/uploads/pub_17683004_i_0069_v0_00_ wireless_securit y_06_14 04.pdf.
  • 5Gehrmann C, Stahl E Mobile Platform Security[EB/OL]. (2006-02-16). http://www.eric s son.com/ericsson/corpinfo/publicationns/review/2006_ 02/03.sbtml.
  • 6Hoffmeyer J, Park I, Majmundar M. Radio Software Download for Commercial Wireless Reconfigurable Devices[J]. IEEE Radio Communications, 2004, 42(3): 26-32.
  • 7Aissi S, Maruyama H, Miura E et al Trusted Mobile Platform Protocol Specification Document[EB/OL]. (2004-04-05). http:// www.trusted-mobile.org/TMP Protocol_rev 1 _00.pdf.
  • 8[1]Standish Group. The CHAOS Report[R].Found at http://www. standishgroup. com. 1995.
  • 9[2]The Inquiry Board. Ariane 5 Flight 105 Inquiry Board Report [ R ].Paris: European Space Agency Press,July 1996.
  • 10[3]National Science,Technology Council (NSTC). America in the Age of Information: A Forum on Federal Information and Communications R&D[R]. Bethesda, Maryland, July 6 - 7,1995.

共引文献120

同被引文献57

引证文献9

二级引证文献34

计算机工程
2011年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部