摘要
近年来,软件系统安全问题正引发越来越多的关注,系统存在的安全威胁容易被攻击者所利用,攻击者通常采用各种攻击技术诸如口令暴力破解、网络钓鱼、SQL注入等对系统进行攻击.威胁建模是一种结构化分析、识别并处理威胁的方法,传统的测试主要集中在测试代码缺陷,处于软件开发后期,不能很好地对接前期威胁建模分析成果以构建安全的软件,业界威胁建模工具缺少进一步生成安全测试的功能.为了应对此问题,提出一种从威胁模型生成安全测试用例的框架,并设计和实现工具原型.为了便于测试,对传统的攻击树模型进行改进,对构建的模型进行规范性检查,从该模型中可以自动生成测试线索.根据攻击节点发生概率对测试线索进行评估,优先检测概率较高的威胁的测试线索.对防御节点进行评估,选择收益性较高的防御方案缓解威胁,以改进系统安全设计.通过为攻击节点设置参数可以将测试线索转换成具体的测试用例.在软件开发早期阶段以威胁建模识别出的威胁作为输入,通过框架和工具可以生成测试,指导后续的安全开发和安全测试设计,将安全技术更好地嵌入到软件设计和开发之中.案例研究部分将该框架和工具运用于极高危风险的安全测试生成,并说明了其有效性.
In recent years,software system security issues are attracting increasing attention.The security threats existing in systems can be easily exploited by attackers.Attackers usually attack systems by using various attacking techniques,such as password brute force cracking,phishing,and SQL injection.Threat modeling is a method of structurally analyzing,identifying,and processing threats.Traditional tests mainly focus on testing code defects,which take place in the late stage of software development.It is not able to well connect the results from early threat modeling and analysis for building secure software.Threat modeling tools in the industry lack the function of generating security tests.In order to tackle this problem,this study proposes a framework that is able to generate security test cases from threat models and designs and implements a tool prototype.In order to facilitate tests,this study improves the traditional attack tree model and performs compliance checks.Test scenarios can be automatically generated from the model.The test scenarios are evaluated according to the probabilities of attack nodes,and the scenarios of the threats with higher probabilities will be tested first.The defense nodes are evaluated,and the defense scheme with higher profit is selected to alleviate the threats,so as to improve the system’s security design.By setting parameters for attack nodes,test scenarios can be specified as test cases.In the early stage of software development,with the inputs of the threats identified by threat modeling,test cases can be generated through this framework and tool to guide subsequent security development and test design,which improves the integration of security technology in software design and development.The case study applies this framework and tool in test generation for very high security risks,which shows their effectiveness.
作者
付昌兰
张贺
李凤龙
匡宏宇
FU Chang-Lan;ZHANG He;LI Feng-Long;KUANG Hong-Yu(Software Institute,Nanjing University,Nanjing 210023,China;State Key Laboratory for Novel Software Technology(Nanjing University),Nanjing 210023,China;Huawei Cloud Computing Technologies Co.Ltd.,Hangzhou 310053,China)
出处
《软件学报》
EI
CSCD
北大核心
2024年第10期4573-4603,共31页
Journal of Software
基金
CCF-华为胡杨林基金-软件工程专项(CCF-HuaweiSE2021003)
国家自然科学基金(62072227,62202219)
国家重点研发计划(2019YFE0105500)
江苏省重点研发计划(BE2021002-2)
南京大学计算机软件新技术国家重点实验室创新项目(ZZKT2022A25)
海外开放课题(KFKT2022A09)。