CN102289619B - Level-driving security demand analysis method - Google Patents


Info

Publication number
CN102289619B
Authority
CN
China
Prior art keywords
security
demand
grade
security function
assembly
Legal status
Active
Application number
CN2011102087449A
Other languages
Chinese (zh)
Other versions
CN102289619A (en)
Inventor
李晓红
许光全
刘丰煦
胡静
冯志勇
Current Assignee
Jiangsu Yongda power telecommunication installation engineering Co., Ltd
Original Assignee
Tianjin University
Priority date
2011-07-26
Filing date
2011-07-26
Publication date
2013-07-03
Events
Application filed by Tianjin University
Publication of CN102289619A
Application granted
Publication of CN102289619B
Legal status: Active

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the field of trusted computing and relates to a level-driven security requirement analysis method. The method has two parts: building a level knowledge base, and performing security requirement analysis on a specific system. During development of a specific system, the security function components selected according to the identified threats are screened against the security requirement level that the user demands of the system; the security requirement analyst then describes the finally selected security function components as a security summary specification, taking the concrete technology and the security policy into account. The method is mainly applied to security requirement analysis of software using security levels and the CC standard in the requirement analysis stage, so that security flaws introduced in the initial stage of software development can be reduced.

Description

A level-driven security requirement analysis method
Technical field
The invention belongs to the field of trusted computing and is mainly used to carry out security requirement analysis of software in the requirement analysis stage using security levels and the CC standard, in order to reduce security vulnerabilities at the initial stage of software development. The invention provides support for building a trusted requirement standards system.
Background technology
Today, with computers developing rapidly, the security of computer software is no longer merely an additional attribute of software but an intrinsic property. Yet while the information industry has given more users a convenient experience, it has also created a large number of potential security hazards. How to guarantee the quality of software services has naturally become a significant problem that users pay close attention to. Against this background the importance of information security technology is self-evident, and the concept of trusted software and its related technologies have arisen accordingly.
Compared with the United States and some European countries, China's research on trusted software started late. However, since 2007 the information technology area of the National High-tech Research and Development Program (863 Program) has launched several major projects related to trusted software and invested substantial manpower and material resources, fully demonstrating the attention the national information field pays to this problem and its resolve to solve these key issues. Compared with other research fields, information security has the features of high confidentiality and high risk, which places higher requirements on China's capacity for independent research.
At present, defining security requirements under the CC standard has gradually become a trend and a consensus. The Common Criteria for Information Technology Security Evaluation, abbreviated as the CC standard, integrated the information security criteria and standards that preceded it and formed a relatively complete standards framework. The CC standard is used for evaluating the security of information systems and information products, and has also played a major guiding role in software security requirements engineering. Because of the rich security knowledge and experience embodied in the CC standard and its authority, using the security function components of the CC standard to determine and describe software security functional requirements is a good way to solve the security function requirements problem.
However, the current process of security requirement analysis using CC has the following problems: 1) the whole process requires the participation of security experts, especially in the selection of security function components, where the quality of the selected components directly affects the accuracy of the software security requirements; this makes the threshold for use rather high, so most civilian systems cannot use it; 2) the user is required to participate too frequently, with interaction needed in each of the first three steps. Therefore an urgent and important task is to improve the CC-based security requirement analysis process so as to make it convenient for the user and lower the threshold for use.
Summary of the invention
In view of the problems of the existing security requirement analysis methods described above, the present invention proposes a security requirement analysis method that can effectively reduce the difficulty of security function requirement analysis, obtain and find security function problems in software systems as early and as systematically as possible, reduce the possibility of software vulnerabilities occurring, and thereby improve the security of software.
The level-driven security requirement analysis method comprises two parts: building the level knowledge base, and security requirement analysis of a specific system, wherein
Building the level knowledge base comprises the following two concrete steps:
1) Division of security requirement levels
Divide the security requirement levels, and describe in detail the security features and basic requirements that a system of each level must possess;
2) Establishment of the correspondence between security requirement levels and security function components
According to the existing evaluation documents under the CC standards system (including Protection Profile documents and Security Target documents) and the applicability conditions of the security function components, propose a corresponding recommended set of security function components for each security requirement level;
Security requirement analysis of a specific system comprises the following steps:
1) Initial selection of security function components
Carry out threat analysis of the specific system, and give the correspondence between each threat and the security function components provided in the CC standard; these security function components are denoted set S1;
2) Further screening of the security function components
According to the security requirement level that the user sets at the beginning of system development, select the set L of security function components recommended for that level, and take the intersection of the two sets S1 and L, i.e. screen out the security function components that do not meet the requirements of that level, thereby obtaining set S2;
3) Supplementing the dependencies of the security function components
With reference to the dependencies between components given in the CC standard, add all the components on which each component in S2 depends, forming set S3; this completes the final selection of the security function components;
4) Describing the security function components as a security summary specification
According to the selected components, and in combination with the security policy of the specific system and the strategy expected to be adopted, describe the security function components in natural language as a security summary specification.
The present invention takes the security of software systems as its purpose and proposes a level-driven method for selecting CC security function components in the requirement stage at the initial period of software development, in the hope of obtaining and finding security function problems in software systems as early and as systematically as possible, reducing the possibility of software vulnerabilities and thereby improving the security of software. The method is expected to achieve the following beneficial effects:
1. It solves the problem of the lack of a basis that users face when preliminarily judging the security of a software system at the initial period of security requirement analysis. It provides a level basis for the security requirement development of software systems with different requirements, so that the user can make decisions as early as possible. The earlier security problems are considered, the more potential security vulnerabilities can be reduced.
2. It reduces the degree of dependence on professional security knowledge in the security requirement analysis process. By improving the security requirement analysis method provided by the CC standard, standardized security requirement analysis can be applied more widely.
3. Security requirement levels are an important component of a trusted requirement standards system, and provide a reference and basis for research on trusted requirement analysis.
4. It helps with the selection of security function components and the generation of the security summary specification document.
Description of drawings
Figure 1: schematic diagram of the system.
Figure 2: flow chart of level-driven security function component selection.
Figure 3: process of establishing the correspondence between levels and security function components.
Figure 4: process of establishing the correspondence between threats and security function components.
Embodiment
The overall technical scheme of the present invention is shown in Figure 1 and comprises two processes. The first is the division of security requirement levels and the establishment of the correspondence between levels and security function components; this process builds the knowledge base, which once completed can be used as empirical knowledge in each concrete development. The second takes place in the development of a specific system: according to the security requirement level that the user demands of the system, the security function components selected according to the threats are screened, and the security requirement analyst then considers the concrete technology and security policy and describes the finally selected security function components as a security summary specification. The detailed description below follows Figure 2 and is divided into two processes:
The first process is building the level knowledge base, which comprises the following two concrete steps:
1) Division of security requirement levels
In real development, systems differ in the degree to which security factors are considered. The user can roughly judge the degree of security needed according to the purpose of the system and its operating environment. Accordingly, with reference to existing international standards and widely used standards, we divide systems into security requirement levels and describe in detail the security features and basic requirements that a system of each level must possess. With reference to related classified protection standards such as the national standard GB/T 17859, and according to the severity of the loss caused when the system is compromised, 4 security requirement levels can be preliminarily divided. Briefly: a Level 1 system suffers no serious economic loss even if a security problem occurs, for example small systems such as personal websites. Level 2 systems are generally common civilian systems, in which a security problem can cause some economic loss, leakage of business information, and so on. Level 3 systems include systems involving major economic interests or important information, where a security problem causes serious loss, for example banking information systems and population information systems. Level 4 systems are systems with extremely high security requirements, where a security problem can cause serious economic loss, disclosure of national security information, or even loss of life and health, for example aviation operation control systems and remote control systems of nuclear power plants. In general, most common systems are Level 2 to Level 3.
2) Establishment of the correspondence between security requirement levels and security function components
By summarizing the existing evaluation documents under the CC standards system (including Protection Profile documents and Security Target documents) and understanding the applicability conditions of the security components, a corresponding recommended set of security function components is proposed for each security requirement level summarized in the previous step; the whole process is shown in Figure 3.
There are 251 security function components in total, so the correspondence between levels and security function components is extensive. Table 1 shows the correspondence between levels and some of the security function components; the selected components all belong to one security function class.
Explanation: FIA_UID.1 and the like in the table are the names of security function components. FIA denotes the identification and authentication function class, FIA_UID denotes the user identification family, and FIA_UID.1 denotes the specific security function component "timing of identification", which is described as follows: 1) before the user is identified, the security function shall allow [assignment: list of security-function-mediated actions] to be performed on behalf of the user; 2) the security function shall require each user to be successfully identified before allowing any other security-function-mediated action on behalf of that user.
This process only needs to be carried out once; after the level division and the correspondence have been refined, they can be used as empirical knowledge and need not be executed again.
The second process is the security requirement analysis of the specific system, which comprises the following steps:
5) Initial selection of security function components
In this method a set of standardized definitions of threats has been established, and the correspondence between them and the security function components provided in the CC standard has been given; the concrete method for establishing the correspondence is shown in Figure 4. Look up the security function components corresponding to the threats (threats are used as the input of this method; the concrete threat analysis method is addressed by related work and is outside the scope of this patent); these security function components are denoted set S1.
6) Further screening of the security function components
According to the security requirement level that the user sets at the beginning of system development, select the set L of security function components recommended for that level, and take the intersection of the two sets S1 and L, i.e. screen out the security function components that do not meet the requirements of that level, thereby obtaining set S2.
7) Supplementing the dependencies of the security function components
With reference to the dependencies between components given in the CC standard, add all the components on which each component in S2 depends, forming set S3; this completes the final selection of the security function components.
8) Describing the security function components as a security summary specification
In this step the security function components selected in the preceding steps are described concretely so that they become a standardized security summary specification. The security function components themselves are provided in template form and do not involve concrete technology or security policy, whereas the security requirement summary specification is concrete and must be understandable by the design and development staff, so the specific implementation and security policy need to be considered. Therefore the security requirement analyst, based on the selected components and in combination with the security policy of the specific system and the strategy expected to be adopted, describes the security function components in natural language as a security summary specification.
Next the level-driven security function component selection method is shown with a concrete example. The login module of an online banking system has the following functions: a registered user enters a username and password or other authentication information, logs in to the system, and can check the user's own account balance, the user's previous transaction history records, and so on. The user's information is the asset the user needs to protect. In this example the security requirement level demanded by the customer is Level 3.
1. Obtain the threats through analysis and initially select the security function components.
Through the threat analysis method, the threat set corresponding to this module is obtained. The main threats include: absence of authentication or compromise of the authentication process, credential guessing, and replay attack.
The security function components corresponding to these threats are shown in Table 2.
The preliminarily selected set of security function components is therefore S1 = {FIA_UID.1, FIA_UID.2, FIA_ATD.1, FIA_UAU.1, FIA_UAU.2, FIA_UAU.3, FIA_UAU.4, FIA_UAU.6, FIA_UAU.7, FIA_USB.1, FIA_AFL.1, FIA_SOS.1, FIA_SOS.2}.
2. Further select the security function components according to the chosen level.
From the Level 3 entry of Table 1 one easily obtains L = {FIA_UID.2, FIA_UAU.2, FIA_AFL.1, FIA_SOS.1, FIA_ATD.1, FIA_USB.1, FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_UAU.7}. Taking the intersection of S1 and L gives S2 = S1 ∩ L = {FIA_UID.2, FIA_UAU.2, FIA_AFL.1, FIA_SOS.1, FIA_ATD.1, FIA_USB.1, FIA_UAU.4, FIA_UAU.6, FIA_UAU.7}.
3. Add the components on which the selected security function components depend to the set.
Using the knowledge of security function components provided by the CC standard, the components on which each security function component depends can be found relatively easily.
After analyzing each component in S2, the set of components they depend on is S2' = {FIA_UID.1, FIA_UAU.1}, and the finally selected set of security function components is S3 = S2 ∪ S2' = {FIA_UID.2, FIA_UAU.2, FIA_AFL.1, FIA_SOS.1, FIA_ATD.1, FIA_USB.1, FIA_UAU.4, FIA_UAU.6, FIA_UAU.7, FIA_UID.1, FIA_UAU.1}.
4. Describe the security function component set as a security summary specification.
Describing the security function components as a security summary specification requires consideration of the specific implementation and security policy. This description is technology-dependent; it describes the work needed to guide designers and developers and belongs to the category of software specification. Therefore describing the security function components in natural language as a security summary specification is a complex process that at present still has to be done manually by the security requirement analyst.
Taking FIA_UID.1 as an example, its security summary description is as follows: 1. Before the user is identified, the user shall be allowed to access the public information of the online banking system and to enter the login page. 2. Before this user is allowed to access bank balance and transaction record information, the system shall require each user to be successfully identified.
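The four steps of the procedure (initial selection, screening by level, dependency supplementation, summary description) and the online-banking example above can be checked mechanically. The following is an added example, not code from the patent or its inventors: it reproduces the set arithmetic S1 → S2 = S1 ∩ L → S3 = S2 ∪ S2' and fills the FIA_UID.1 template's assignment with the analyst's policy choices. Because Table 1 and Table 2 are images, the threat-to-component table and the dependency excerpt below are constructed for this example (the split of S1 among the three threats is an assumption chosen to reproduce the page's S1; the dependencies are an excerpt of the CC Part 2 FIA class as assumed here), and the knowledge base contains only the Level 3 recommended set, which is the only level the page gives.

```python
"""Level-driven selection of CC security function components (added example)."""
from __future__ import annotations

# --- Knowledge base (first process) -----------------------------------------

# Constructed stand-in for Table 2 (threat -> CC components). The three threats
# are the page's; the component split among them is an assumption.
THREAT_COMPONENTS: dict[str, set[str]] = {
    "missing or compromised authentication": {
        "FIA_UID.1", "FIA_UID.2", "FIA_UAU.1", "FIA_UAU.2",
        "FIA_UAU.6", "FIA_UAU.7", "FIA_ATD.1", "FIA_USB.1",
    },
    "credential guessing": {"FIA_AFL.1", "FIA_SOS.1", "FIA_SOS.2", "FIA_UAU.7"},
    "replay attack": {"FIA_UAU.3", "FIA_UAU.4"},
}

# Recommended component set per level (Table 1). Only Level 3 is on the page.
LEVEL_RECOMMENDED: dict[int, set[str]] = {
    3: {
        "FIA_UID.2", "FIA_UAU.2", "FIA_AFL.1", "FIA_SOS.1", "FIA_ATD.1",
        "FIA_USB.1", "FIA_UAU.4", "FIA_UAU.5", "FIA_UAU.6", "FIA_UAU.7",
    },
}

# Direct dependencies, an excerpt of the CC Part 2 FIA class assumed for this
# example. Components absent from the map are taken to have no dependencies.
DEPENDS_ON: dict[str, set[str]] = {
    "FIA_AFL.1": {"FIA_UAU.1"},
    "FIA_UAU.1": {"FIA_UID.1"},
    "FIA_UAU.2": {"FIA_UID.1"},
    "FIA_UAU.7": {"FIA_UAU.1"},
    "FIA_USB.1": {"FIA_ATD.1"},
}

# --- Analysis of a specific system (second process) --------------------------

def initial_selection(threats: list[str]) -> set[str]:
    """Step 1: S1 is the union of the components mapped to each identified threat."""
    unknown = [t for t in threats if t not in THREAT_COMPONENTS]
    if unknown:
        raise ValueError(f"threats without a component mapping: {unknown}")
    return set().union(*(THREAT_COMPONENTS[t] for t in threats))

def screen_by_level(s1: set[str], level: int) -> set[str]:
    """Step 2: S2 = S1 ∩ L, dropping components the chosen level does not call for."""
    if level not in LEVEL_RECOMMENDED:
        raise ValueError(f"no recommended set in the knowledge base for level {level}")
    return s1 & LEVEL_RECOMMENDED[level]

def dependency_closure(components: set[str]) -> set[str]:
    """Components required by those given, not already among them. Dependencies
    are followed transitively so a dependency's own dependencies are not missed
    (the page adds direct dependencies; for this example the result is the same)."""
    pending = list(components)
    deps: set[str] = set()
    while pending:
        for d in DEPENDS_ON.get(pending.pop(), ()):
            if d not in deps and d not in components:
                deps.add(d)
                pending.append(d)
    return deps

def final_selection(s2: set[str]) -> set[str]:
    """Step 3: S3 = S2 ∪ S2', where S2' is the set of dependencies of S2."""
    return s2 | dependency_closure(s2)

def select_components(threats: list[str], level: int) -> dict[str, set[str]]:
    """Run steps 1 to 3 and return every intermediate set so an analyst can review them."""
    s1 = initial_selection(threats)
    s2 = screen_by_level(s1, level)
    return {"S1": s1, "S2": s2, "S2_deps": dependency_closure(s2), "S3": final_selection(s2)}

# --- Step 4: completing a component template into a summary specification ----

# FIA_UID.1 as the page paraphrases it; the [assignment] is the operation the
# analyst completes with system-specific policy.
FIA_UID_1_TEMPLATE = (
    "1. Before the user is identified, the security function shall allow "
    "[assignment: list of security-function-mediated actions] on behalf of the user. "
    "2. The security function shall require each user to be successfully identified "
    "before allowing any other security-function-mediated action on behalf of that user."
)

def complete_assignment(template: str, actions: list[str]) -> str:
    """Replace the single [assignment: ...] operation with the analyst's chosen actions."""
    start = template.index("[assignment:")
    end = template.index("]", start) + 1
    return template[:start] + ", ".join(actions) + template[end:]

if __name__ == "__main__":
    result = select_components(
        ["missing or compromised authentication", "credential guessing", "replay attack"], 3)
    for name, members in result.items():
        print(f"{name} ({len(members)}): {sorted(members)}")
    print(complete_assignment(FIA_UID_1_TEMPLATE,
        ["access the public information of the online banking system", "enter the login page"]))
```

Running the block prints S1 with 13 components, S2 with 9, S2' = {FIA_UID.1, FIA_UAU.1} and S3 with 11, matching the sets in the example; a level with no recommended set in the knowledge base is rejected rather than silently yielding an empty S2, which is the failure an analyst would otherwise miss.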
Table 1 (image not reproduced): correspondence between all components of the FIA function class and the levels.
Table 2 (image not reproduced): correspondence between the threats in the example and the security function components.

Claims (1)

1. A level-driven security requirement analysis method, comprising two parts: building a level knowledge base, and security requirement analysis of a specific system, wherein
Building the level knowledge base comprises the following two concrete steps:
1) Division of security requirement levels
Divide the security requirement levels, and describe in detail the security features and basic requirements that a system of each level must possess;
2) Establishment of the correspondence between security requirement levels and security function components
According to the existing evaluation documents under the CC standards system, comprising Protection Profile documents and Security Target documents, and the applicability conditions of the security function components, propose a corresponding recommended set of security function components for each security requirement level;
Security requirement analysis of a specific system comprises the following steps:
1) Initial selection of security function components
Carry out threat analysis of the specific system, and give the correspondence between each threat and the security function components provided in the CC standard; these security function components are denoted set S1;
2) Further screening of the security function components
According to the security requirement level that the user sets at the beginning of system development, select the set L of security function components recommended for that level, and take the intersection of the two sets S1 and L, i.e. screen out the security function components that do not meet the requirements of that level, thereby obtaining set S2;
3) Supplementing the dependencies of the security function components
With reference to the dependencies between components given in the CC standard, add all the components on which each component in S2 depends, forming set S3; this completes the final selection of the security function components;
4) Describing the security function components as a security summary specification
According to the selected components, and in combination with the security policy of the specific system and the strategy expected to be adopted, describe the security function components in natural language as a security summary specification.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102087449A CN102289619B (en) 2011-07-26 2011-07-26 Level-driving security demand analysis method

Publications (2)

Publication Number Publication Date
CN102289619A CN102289619A (en) 2011-12-21
CN102289619B true CN102289619B (en) 2013-07-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201117

Address after: No.150 Pingdong Avenue, Pingchao Town, Tongzhou District, Nantong City, Jiangsu Province

Patentee after: Jiangsu Yongda power telecommunication installation engineering Co., Ltd

Address before: 300072 Tianjin City, Nankai District Wei Jin Road No. 92

Patentee before: Tianjin University