CN101833453A - Sequence diagram defect inspection method based on safety knowledge base - Google Patents

Info

Publication number: CN101833453A
Authority: CN (China)
Prior art keywords: attack, security, knowledge base, matching degree, precedence diagram
Legal status: Granted
Application number: CN201010168987A
Other languages: Chinese (zh)
Other versions: CN101833453B (en)
Inventors: 李晓红, 孟国柱, 许光全, 徐超, 潘东
Current assignee: Jiangsu Yongda power telecommunication installation engineering Co., Ltd
Original assignee: Tianjin University
Application filed by Tianjin University; priority to CN 201010168987; published as CN101833453A; granted and published as CN101833453B; current legal status: Active.

Landscapes

  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
Abstract

The invention belongs to the field of trusted computing and relates to a sequence diagram defect inspection method based on a security knowledge base. A UML sequence diagram is used to describe one piece of business logic in the design phase. First, security-attribute extensions are added to the sequence diagram; then the business logic is modelled as an FSA and all attack paths are extracted from the model; finally, defect inspection is carried out against a security knowledge base built from an attack pattern base, a weakness base and the binary relation between the two, producing a threat analysis report. With the invention, system defects hidden in a sequence diagram can be detected effectively, and vulnerabilities can be discovered and repaired at an early stage of software development, which reduces development and maintenance cost, raises the software's safety coefficient and improves its trustworthiness.

Description

Sequence diagram defect inspection method based on security knowledge base
Technical field
The present invention takes the sequence diagrams drawn in the design stage of trusted software development as its main object of detection. It aims to raise the trustworthiness of software and to lower later maintenance cost, and belongs to the field of software security.
Background technology
With the development of the Internet, software security has attracted growing attention. Latent vulnerabilities in software systems pose serious safety hazards to users, which has drawn attention to the idea of secure software. How to produce high-performance, reliable software has become a hot issue. Traditional software engineering emphasises the efficiency, practicality and reliability of software while neglecting its trustworthiness, so it cannot satisfy security requirements: security problems that arise in the requirements and design phases cannot be found in time, highly trustworthy software cannot be guaranteed, and the resulting software is vulnerable at every stage. Secure software engineering instead proposes adding security concepts at each stage of the software development life cycle, so that potential system defects are found early and resolved promptly, ensuring the high reliability and security of the product of each stage.
The Unified Modeling Language (UML) has standardised and unified the software development process. In the design phase, designers tend to use UML sequence diagrams to depict the interaction of the objects in a system. A sequence diagram emphasises the temporal order in which the objects interact and reflects one piece of the system's business logic. It consists mainly of two parts: objects and messages. Objects represent all the participants in the business logic, in either class or instance form; a message is a communication between objects that carries information and expects a corresponding action to be performed. A sequence diagram can express how the business logic executes and proceeds, but it can equally expose potential threats to the system: because the diagram sequences the processing, it may contain latent vulnerabilities that an attacker can exploit, that is, attack paths. An attacker uses them to achieve one attack goal after another and finally to compromise the software system.
A finite-state automaton (FSA) is a computational model abstracted for studying computation with limited memory and certain classes of languages. It consists of the states of a system and the transitions between them; modelling a sequence diagram as an FSA gives a better account of the business flow in the software design stage.
An attack pattern is an abstraction: its subject is the attacker's target within a software product, and it describes the technique the attacker uses to compromise the product. The motivation for using attack patterns is that software developers put themselves in the attacker's position and take part in the threat, thereby effectively improving the security of the software. One attack pattern corresponds to several software weaknesses, that is, one attack pattern can affect several weaknesses of the software, causing them to be exposed and exploited. An attack pattern is the path an attacker must take to reach the attack goal, so detecting such a pattern reveals an existing weakness of the software, allows the attack to be avoided and raises the software's safety coefficient.
In the software development process the design phase is especially important: it defines the system's overall architecture, functional modules and technical roadmap, a macroscopic description of the whole software project. With the development of secure software engineering, the design phase is receiving more and more attention from software security experts. Precisely because of the role the design phase plays in the whole project, it can represent and expose potential software defects and security vulnerabilities; finding these defects and vulnerabilities in the design phase has become an important link in secure software engineering.
Summary of the invention
The present invention first uses a sequence diagram to describe a piece of business logic in the software design stage, then performs security analysis on the sequence diagram and generates a threat analysis report, so that remediation suggestions and schemes can be proposed at the initial stage of software development. This reduces the cost of software development and maintenance and raises the trustworthiness of the software. To this end, the present invention adopts the following technical scheme.
A sequence diagram defect inspection method based on a security knowledge base comprises the following steps:
1) Security extension of the sequence diagram: using the UML extension mechanism, security-related attributes are added to the objects and messages in the sequence diagram; these attributes abstract and classify the components of the software system and formalise the security-related information in the diagram;
2) Security information is extracted from the sequence diagram saved in XMI format and the diagram is modelled as an FSA: each object in the sequence diagram becomes a state node of the FSA and each message call becomes the condition of a state transition of the FSA, yielding the FSA model;
3) A depth-first search algorithm extracts all possible attack paths from the FSA model;
4) A security knowledge base is built comprising an attack pattern base, a weakness base and a base of binary relations between attack patterns and weaknesses;
5) The attack paths extracted in step 2) are matched against the attack patterns in the security knowledge base by computing a matching degree; the attack pattern associated with each attack path is found, the associated weaknesses are found through the attack pattern/weakness binary relation, and finally a threat information report is generated.
In step 5) above, the matching degree can be computed as follows:
1) First judge whether the current attack path is fully equal to the regular expression of some attack pattern in the security knowledge base; if so, the match is a 100% match. Otherwise, decompose the attack path into its nodes and compute the matching degree between this attack pattern and the current attack path by the following weighting: the last node, as the end point of the attack, is the potential attack target and receives the largest weight, 50%; the farther an attack node is from this potential attack target, the smaller its weight, and the weights decrease exponentially by a factor of 1/2;
2) If the matching degree exceeds a preset matching degree threshold, form a triple of the attack pattern's name, the matching degree and the weaknesses associated with the attack pattern, and add it to the threat information set.
The matching degree threshold is preferably set to 75%.
The present invention performs security detection on design-phase sequence diagrams within a secure software development framework. The security extension of the sequence diagram completes the formalisation of the UML language, so that the logical meaning can be described precisely and without ambiguity, which helps the processing and security detection of the sequence diagram. Scanning and modelling extract from the sequence diagram the information closely related to defect detection and model it as an FSA: the design-phase business logic is stored in a directed graph whose nodes represent the objects and whose edges represent the messages of the sequence diagram, which reflects the relations between the objects in this business logic well and is convenient for computer processing. Attack path extraction recovers the object and message sequences hidden in the sequence diagram that an attacker might exploit; each is a path in the directed graph that reflects how an attacker, starting from an entry point and using a series of attack means, breaks through system nodes step by step to reach the final attack target, and it provides the data on which defect detection operates. Defect detection by the security knowledge base uses a similarity computation between attack paths and attack patterns to obtain the attack patterns similar to each attack path and hence the weakness information, providing threat analysis for the design and development of the software.
Through the four parts above, the present invention effectively detects the system defects hidden in a sequence diagram, so that vulnerabilities can be found and repaired early in software development, reducing the cost of development and maintenance, raising the safety coefficient of the software and strengthening its trustworthiness.
Description of drawings
Fig. 1: overall architecture of the sequence diagram defect inspection method.
Fig. 2: flow chart of attack path extraction.
Fig. 3: structure of the security knowledge base.
Fig. 4: example sequence diagram.
Fig. 5: the sequence diagram converted into an FSA model.
Embodiment
To achieve the above goals, the method proposed by the present invention is divided into four parts: security extension of the sequence diagram, sequence diagram scanning and modelling, attack path extraction, and defect detection by the security knowledge base. The overall architecture is shown in Fig. 1.
1. Security extension of the sequence diagram: using the UML extension mechanism, security attributes are added to the objects and messages in the sequence diagram. These attributes can be taken from the system component diagram in M. Gegick's PhD dissertation "Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns". A security attribute abstracts and classifies a software system component, so that the components in the sequence diagram can be expressed abstractly and formally; for example, Apache can be abstracted as a Web server and MySQL as a database server. These security attributes formalise the information in the sequence diagram and make the later defect detection easier.
2. Sequence diagram scanning and modelling: the security information of a sequence diagram resides in its objects and in the messages between them, so scanning first extracts every object and message from the sequence diagram saved in XMI format. The FSA modelling of the present invention maps each object in the sequence diagram to a state node of the FSA and each message call to the condition of a state transition of the FSA.
3. Attack path extraction: once the sequence diagram has been modelled as an FSA, the remaining work is to extract all possible attack paths from the FSA. Because the FSA is stored in the form of a directed graph, the graph must be analysed to find each complete attack path.
Attack paths can be obtained by depth-first search. First, the nodes with in-degree zero are added to a queue (an in-degree-zero node is the starting point of an attack path); these nodes are then traversed in turn, recursively adding the connected nodes until a node with out-degree zero is reached, which is the end point of the attack path. The basic flow of attack path extraction is shown in Fig. 2; the detailed algorithm is as follows:
Input: the FSA obtained by modelling the sequence diagram
Output: attack path set AttackPathSet = {AttackPath}
Main body of attack path extraction:
(1) Initialization
[formula given as an image in the original]
(2) Traverse all nodes S with in-degree zero
(2.1) Obtain an attack path by depth-first search
[formula given as an image in the original]
(2.2) Add the attack path to the set: AttackPathSet = AttackPathSet ∪ AttackPath
Depth-first search procedure DFS(S_i, AttackPath):
Input: node S_i, the attack path AttackPath under construction
(1) First check whether S_i already exists in AttackPath; if so, go to step (2), otherwise go to step (3).
(2) Add S_i to AttackPath, return AttackPath and terminate the procedure.
(3) Traverse all transition conditions I in the FSA with S_i × I = S_j:
(3.1) Add this transition to AttackPath
(3.2) Recursively call the depth-first search with parameters S_j and AttackPath
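The extraction procedure above, as an added worked example in Python (this is not the patent's own code). The transition table is a constructed encoding of the Fig. 4/Fig. 5 example: the four objects are state nodes and the five messages are transition conditions, with the edges chosen so that they reproduce the three attack paths the embodiment lists; the function names `start_nodes`, `dfs` and `extract_attack_paths` are this example's own. The search closes a path when it reaches a state with no outgoing transition or revisits a state already on the path, which is what makes it terminate on the self-loop and the back edge of the example.

```python
"""Attack path extraction from a sequence diagram modelled as an FSA.

Added example, not the patent's code.  The FSA below is a constructed
encoding of the Fig. 4/Fig. 5 example: objects are state nodes and
messages are transition conditions.  State and message names are
assumed to be distinct.
"""
from typing import Dict, List, Tuple

# Transition table: state -> list of (message, next_state).  The edges
# are an assumption chosen to reproduce the three attack paths listed
# in the embodiment.
EXAMPLE_FSA: Dict[str, List[Tuple[str, str]]] = {
    "Client": [("HTTPRequest", "Server")],
    "Server": [("SendQueryString", "Database"),
               ("HTTPMessageHandle", "Server")],
    "Database": [("BufferWrite", "Buffer"),
                 ("SendMessage", "Server")],
    "Buffer": [],
}


def start_nodes(fsa: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Nodes with in-degree zero: the starting points of attack paths."""
    targets = {nxt for edges in fsa.values() for _, nxt in edges}
    return [s for s in fsa if s not in targets]


def dfs(fsa, node: str, path: List[str], out: List[List[str]]) -> None:
    """DFS(S_i, AttackPath) from the patent.

    `path` alternates state and message names.  A path is complete when
    the current state has no outgoing transition (out-degree zero) or
    when the state already lies on the path (a cycle closes the path),
    so the search terminates even on cyclic FSAs.
    """
    if node in path:                 # steps (1)/(2): revisit -> close the path
        out.append(path + [node])
        return
    path = path + [node]
    if not fsa.get(node):            # out-degree zero: terminal node of the attack
        out.append(path)
        return
    for message, nxt in fsa[node]:   # step (3): every transition S_i x I = S_j
        dfs(fsa, nxt, path + [message], out)   # (3.1)+(3.2)


def extract_attack_paths(fsa) -> List[str]:
    """AttackPathSet: the union of DFS results from every in-degree-zero node."""
    paths: List[List[str]] = []
    for s in start_nodes(fsa):
        dfs(fsa, s, [], paths)
    return ["->".join(p) for p in paths]


if __name__ == "__main__":
    for p in extract_attack_paths(EXAMPLE_FSA):
        print(p)
```

Run stand-alone, the block prints the three paths of the embodiment; the order in which they appear follows the order of the transitions in the table, not any ranking of the paths.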
4. Defect detection by the security knowledge base: the security knowledge base is a relational database that stores attack patterns, software weaknesses and mitigation schemes. The present invention detects software defects through this database, which requires running the relevant knowledge queries against it. Its structure is shown in Fig. 3. The attributes of the attack pattern base (AttackPattern) are the attack pattern's ID, name, description, regular expression and mitigation scheme. The attributes of the weakness base (Weakness) are the weakness's ID, name, description, affected field, applicable platform, introduction stage and mitigation scheme. The attributes of the attack pattern/weakness binary relation base (Relationship) are the attack pattern ID and the weakness ID. Once the attack paths have been extracted, we have the intermediary for defect detection of this business logic: computing the matching degree between these attack paths and the attack patterns in the security knowledge base finds the attack patterns associated with the business logic, the attack pattern/weakness binary relation then yields the associated weaknesses, and finally the threat information report is generated. The matching degree between an attack path and an attack pattern is computed as follows: first judge whether the current attack path is fully equal to the regular expression of some attack pattern in the security knowledge base; if so, it is a 100% match, and a triple of the pattern's name, 100% and the pattern's associated weaknesses is added to the threat information set. Otherwise compute the matching degree between this attack pattern and this attack path. The attack path is decomposed into individual nodes. The last node is the end point of the business logic and the potential attack target, so it carries the largest threat weight within one attack, set to 50%. This potential attack target may be reached through several potential attack child nodes; the farther such a node is from the end node, the smaller its threat weight, decreasing exponentially by a factor of 1/2. The matching degree algorithm is as follows:
Input: attack path set AttackPathSet, attack pattern set AttackPatternSet
Output: threat information set WeaknessSet
Algorithm description:
(1) Initialize the weakness information set
[formula given as an image in the original]
(2) Traverse the attack path set AttackPathSet
(2.1) Traverse the attack pattern set AttackPatternSet
(2.1.1) If the current attack path equals the regular expression of the current attack pattern, it is a full match: go to step 2.1.2, otherwise go to step 2.1.3.
(2.1.2) Add the current attack pattern, 100% and the weaknesses associated with the pattern to the threat information set, then continue with step 2.1.
(2.1.3) Decompose the attack path into its nodes; initialize precision ← 0, temp ← 50%
(2.1.4) Traverse each node of the attack path
(2.1.5) If the current attack pattern contains this node, then precision += temp and temp /= 2;
(2.1.6) If precision (the matching degree) is greater than 75%, it is a partial match: add the attack pattern, precision and the pattern's associated weaknesses to the threat information.
The present invention is illustrated below with the sequence diagram of Fig. 4.
5. First the sequence diagram is security-extended by adding security attributes to its four objects and five messages:
Objects:
User → Client
Web server → Server
Database server → Database
Internal memory → Buffer
Messages:
Send message → HTTPRequest
Send query messages → SendQueryString
Internal memory operation → BufferWrite
Return results → SendMessage
Handle return results → HTTPMessageHandle
6. The sequence diagram is then scanned and modelled as an FSA, giving the structure shown in Fig. 5.
7. Applying the attack path extraction algorithm, three attack paths are extracted from the FSA model:
(1) Client→HTTPRequest→Server→SendQueryString→Database→BufferWrite→Buffer
(2) Client→HTTPRequest→Server→HTTPMessageHandle→Server
(3) Client→HTTPRequest→Server→SendQueryString→Database→SendMessage→Server
8. The regular expressions of the attack patterns stored in the security knowledge base are matched against these attack paths by computing the matching degree; the attack patterns whose matching degree exceeds 75% are obtained, the weaknesses are found through the attack pattern/weakness relation, and finally a threat analysis report is generated and submitted to the system's analysts and designers, so that vulnerabilities can be repaired in time and the trustworthiness of the final software improved.
Among them, the buffer overflow pattern Overflow Buffers (regular expression (Client)(SendMessage)(Server)(BufferWrite)(Buffer)) is the matched attack pattern, with a matching degree of 92.5%. The weaknesses associated with this attack pattern are mainly Data Handling, Failure to Constrain Operations within the Bounds of a Memory Buffer, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') and Integer Overflow to Buffer Overflow. With the information these weaknesses provide, system analysts and designers can take measures to repair these vulnerabilities and defects in time, finally raising the trustworthiness of the software and reducing the cost of software development and maintenance.
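The matching-degree algorithm of step 4 and the worked example above, as an added Python example that is not part of the patent. The security knowledge base is a constructed in-memory stand-in for the AttackPattern, Weakness and Relationship tables of Fig. 3, populated only with the Overflow Buffers pattern and the four weaknesses the embodiment lists for it; the identifiers AP1 and W1 to W4 are placeholders, and the function names are this example's own. Step (2.1.5) is implemented by walking the path from its terminal node backwards and halving the weight after each node the pattern contains; under that reading path (1) scores 93.75% rather than the 92.5% the embodiment reports, so the patent's exact weighting may differ slightly from this one.

```python
"""Defect detection by matching attack paths against a security knowledge base.

Added example, not the patent's own code.  The knowledge base is a
constructed in-memory stand-in for the AttackPattern / Weakness /
Relationship tables of Fig. 3; AP1 and W1..W4 are placeholder ids.
"""
import re
from typing import Dict, List, Tuple

# AttackPattern: id -> (name, regular expression); the description and
# mitigation columns are omitted here.
ATTACK_PATTERNS: Dict[str, Tuple[str, str]] = {
    "AP1": ("Overflow Buffers",
            "(Client)(SendMessage)(Server)(BufferWrite)(Buffer)"),
}
# Weakness: id -> name (the four weaknesses the embodiment lists).
WEAKNESSES: Dict[str, str] = {
    "W1": "Data Handling",
    "W2": "Failure to Constrain Operations within the Bounds of a Memory Buffer",
    "W3": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
    "W4": "Integer Overflow to Buffer Overflow",
}
# Relationship: (attack pattern id, weakness id) pairs.
RELATIONSHIP: List[Tuple[str, str]] = [
    ("AP1", "W1"), ("AP1", "W2"), ("AP1", "W3"), ("AP1", "W4"),
]
THRESHOLD = 75.0  # the patent's preferred matching-degree threshold (percent)

# The three attack paths of the embodiment as node/message lists (constructed).
EXAMPLE_PATHS: List[List[str]] = [
    ["Client", "HTTPRequest", "Server", "SendQueryString", "Database",
     "BufferWrite", "Buffer"],
    ["Client", "HTTPRequest", "Server", "HTTPMessageHandle", "Server"],
    ["Client", "HTTPRequest", "Server", "SendQueryString", "Database",
     "SendMessage", "Server"],
]


def pattern_nodes(regex: str) -> set:
    """The nodes an attack pattern 'contains': the literal groups of its
    regular expression (assumed form, as in the Overflow Buffers pattern)."""
    return set(re.findall(r"\(([^()]+)\)", regex))


def matching_degree(path: List[str], regex: str) -> float:
    """Steps (2.1.1)-(2.1.5): 100 on a full regex match, else node-weighted.

    The terminal node (the attack target) weighs 50%; the weight halves
    after every node the pattern contains, walking from the target backwards.
    """
    if re.fullmatch(regex, "".join(path)):
        return 100.0
    contained = pattern_nodes(regex)
    precision, temp = 0.0, 50.0
    for node in reversed(path):
        if node in contained:
            precision += temp
            temp /= 2
    return precision


def weaknesses_of(pattern_id: str) -> List[str]:
    """Join through the Relationship table to the weakness names."""
    return [WEAKNESSES[w] for p, w in RELATIONSHIP if p == pattern_id]


def detect(paths: List[List[str]], threshold: float = THRESHOLD):
    """Step (2.1.6): (pattern name, degree, weaknesses) triples above threshold."""
    report = []
    for path in paths:
        for pid, (name, regex) in ATTACK_PATTERNS.items():
            degree = matching_degree(path, regex)
            if degree == 100.0 or degree > threshold:
                report.append((name, degree, weaknesses_of(pid)))
    return report


if __name__ == "__main__":
    for name, degree, weak in detect(EXAMPLE_PATHS):
        print(f"{name}: {degree}% -> {', '.join(weak)}")
```

A point worth checking before relying on the threshold: the partial score tests only node membership and ignores the order and repetition of nodes, so paths (2) and (3) of the example also score above 75% against the Overflow Buffers pattern (87.5% and 93.75%). A practitioner should therefore expect the partial score to be permissive and treat the 100% regular-expression matches as the stronger signal in the report.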

Claims (3)

1. A sequence diagram defect inspection method based on a security knowledge base, comprising the following steps:
1) security extension of the sequence diagram: using the UML extension mechanism, security-related attributes are added to the objects and messages in the sequence diagram; these attributes abstract and classify the components of the software system and formalise the security-related information in the diagram;
2) security information is extracted from the sequence diagram saved in XMI format and the diagram is modelled as an FSA: each object in the sequence diagram becomes a state node of the FSA and each message call becomes the condition of a state transition of the FSA, yielding the FSA model;
3) a depth-first search algorithm extracts all possible attack paths from the FSA model;
4) a security knowledge base is built comprising an attack pattern base, a weakness base and a base of binary relations between attack patterns and weaknesses;
5) the matching degree between the attack paths extracted in step (2) and the attack patterns in the security knowledge base is computed, the attack pattern associated with each attack path is found, the associated weaknesses are found through the attack pattern/weakness binary relation, and finally a threat information report is generated.
2. The sequence diagram defect inspection method based on a security knowledge base according to claim 1, characterised in that in step 5) the matching degree is computed as follows:
1) first judge whether the current attack path is fully equal to the regular expression of some attack pattern in the security knowledge base; if so, the match is a 100% match; otherwise, decompose the attack path into its nodes and compute the matching degree between this attack pattern and the current attack path by the following weighting: the last node, as the end point of the attack, is the potential attack target and receives the largest weight, 50%; the farther an attack node is from this potential attack target, the smaller its weight, and the weights decrease exponentially by a factor of 1/2;
2) if the matching degree exceeds a preset matching degree threshold, form a triple of the attack pattern's name, the matching degree and the weaknesses associated with the attack pattern, and add it to the threat information set.
3. The sequence diagram defect inspection method based on a security knowledge base according to claim 2, characterised in that the matching degree threshold is set to 75%.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010168987 (CN101833453B) 2010-05-13 2010-05-13 Sequence diagram defect inspection method based on safety knowledge base

Publications (2)

Publication Number Publication Date
CN101833453A 2010-09-15
CN101833453B 2012-12-05

Family ID: 42717534

Country Status (1)

Country Link
CN (1) CN101833453B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106790020A (en) * 2016-12-14 2017-05-31 北京东方棱镜科技有限公司 A kind of internet anomaly detection method and system based on attack normal form
CN106982188A (en) * 2016-01-15 2017-07-25 阿里巴巴集团控股有限公司 The detection method and device in malicious dissemination source
CN107529639A (en) * 2017-08-10 2018-01-02 清远博云软件有限公司 A kind of software credibility determination method
CN110881050A (en) * 2019-12-20 2020-03-13 万翼科技有限公司 Security threat detection method and related product
CN111143853A (en) * 2019-12-25 2020-05-12 支付宝(杭州)信息技术有限公司 Application security assessment method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499115A (en) * 2008-12-19 2009-08-05 天津大学 Use case diagram detection method based on attack mode
CN101551842A (en) * 2009-05-05 2009-10-07 天津大学 Safety test method based on model driving


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈永慈: "安全软件开发环境中安全测试工具的设计与实现", 《中国优秀硕士学位论文全文数据库》, no. 8, 15 August 2009 (2009-08-15), pages 14 - 33 *


Also Published As

Publication number Publication date
CN101833453B (en) 2012-12-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201117

Address after: No.150 Pingdong Avenue, Pingchao Town, Tongzhou District, Nantong City, Jiangsu Province

Patentee after: Jiangsu Yongda power telecommunication installation engineering Co., Ltd

Address before: 300072 Tianjin City, Nankai District Wei Jin Road No. 92, Tianjin University

Patentee before: Tianjin University