CN107145443A - Security requirements analysis method and system based on scenario interaction - Google Patents
- Publication number
- CN107145443A (CN201710296158.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
Abstract
The present invention provides a security requirements analysis method and system based on scenario interaction. A login interface is displayed to the user and, after the user logs in successfully, a business scenario selection interface is displayed. According to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library. A security requirements file is generated from the business scenario selected by the user and the security threat file corresponding to that business scenario. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
Description
Technical field
Embodiments of the present invention relate to the technical field of system security management, and in particular to a security requirements analysis method and system based on scenario interaction.
Background
The security requirements that users currently put forward are broad and generic and lack specificity, so they cannot meet the security needs of a specific system. As a result, security for business systems is mostly handled after the fact: the system is tested for vulnerabilities once development is complete, or vulnerabilities are fixed after they break out. This approach leaves the enterprise in a very passive position, and an outbreak of vulnerabilities causes the enterprise varying degrees of financial and reputational loss. Enterprises therefore urgently need to move security earlier in the system development cycle and introduce it from the requirements stage of the system, that is, to put forward the concept of security requirements in advance. At the same time, most system developers themselves lack an understanding of the security knowledge involved in actual business scenarios, which makes such security requirements difficult to put into practice and makes security testing insufficiently practical and accurate.
Summary of the invention
The present invention provides a security requirements analysis method and system based on scenario interaction. It classifies and divides the business scenarios of a system from the business user's perspective, sets up security analysis, risk identification and security control measure analysis for each business scenario, and outputs standard security documents matched to the business scenario, providing security development guidance for developers. It thereby provides reliable security requirements in the system research and development stage, an accurate design strategy in the system design stage, and a practicable security test document in the system testing stage. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
The present invention provides a security requirements analysis method based on scenario interaction, including:
Displaying a login interface to the user, and receiving the login information that the user enters on the login interface;
After a successful login, displaying a business scenario selection interface to the user;
According to the business scenario selected by the user, determining, in the business scenario resource library, the security threat file corresponding to the selected business scenario; wherein each business scenario has a corresponding security threat file in the security threat resource library;
Generating a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Optionally, the business scenario selection interface includes a main business scenario interface and a sub-business scenario interface; the method further includes:
According to the user's selection in the main business scenario interface, displaying the interface of the sub-business scenarios contained in the main business scenario selected by the user;
Accordingly, determining, according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario in the business scenario resource library includes:
According to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, determining, in the security threat resource library, the security requirements file corresponding to the identifier of the main business scenario and the identifier of the sub-business scenario.
Optionally, the method further includes:
According to the business scenario selected by the user, determining, in the security design resource library, the security design scheme corresponding to the selected business scenario; wherein each business scenario has a corresponding security design scheme in the security design resource library;
Generating a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Optionally, the method further includes:
According to the business scenario selected by the user, determining, in the test case resource library, the test case corresponding to the selected business scenario; wherein each business scenario has a corresponding test case in the test case resource library;
Generating a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library, each test case in the test case resource library, and each security design scheme in the security design resource library, respectively;
Or, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
The present invention also provides a security requirements analysis system based on scenario interaction, including:
A display module, for displaying a login interface to the user;
A receiving module, for receiving the login information that the user enters on the login interface;
The display module is further used, after a successful login, to display a business scenario selection interface to the user;
An analysis module, for determining, according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario in the business scenario resource library; wherein each business scenario has a corresponding security threat file in the security threat resource library;
A generation module, for generating a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Optionally, the business scenario selection interface includes a main business scenario interface and a sub-business scenario interface;
The display module is specifically used to display, according to the user's selection in the main business scenario interface, the interface of the sub-business scenarios contained in the main business scenario selected by the user;
Accordingly, the analysis module is specifically used to determine, according to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, the security requirements file in the security threat resource library that corresponds to the identifier of the main business scenario and the identifier of the sub-business scenario.
Optionally, the analysis module is further used to determine, according to the business scenario selected by the user, the security design scheme corresponding to the selected business scenario in the security design resource library; wherein each business scenario has a corresponding security design scheme in the security design resource library;
The generation module is further used to generate a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Optionally, the analysis module is further used to determine, according to the business scenario selected by the user, the test case corresponding to the selected business scenario in the test case resource library; wherein each business scenario has a corresponding test case in the test case resource library;
The generation module is further used to generate a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library, each test case in the test case resource library, and each security design scheme in the security design resource library, respectively;
Or, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
In the security requirements analysis method and system based on scenario interaction provided by the present invention, a login interface is displayed to the user and the login information that the user enters on the login interface is received; after a successful login, a business scenario selection interface is displayed to the user; according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library; and a security requirements file is generated from the business scenario selected by the user and the security threat file corresponding to that business scenario. The business scenarios of the system are thus classified and divided from the business user's perspective, security analysis, risk identification and security control measure analysis are set up for each business scenario, and standard security documents matched to the business scenario are output, providing security development guidance for developers. This provides reliable security requirements in the system research and development stage, an accurate design strategy in the system design stage, and a practicable security test document in the system testing stage. It solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
Brief description of the drawings
Fig. 1 is a flowchart of the security requirements analysis method based on scenario interaction according to an exemplary embodiment of the present invention;
Fig. 2 is a flowchart of the security requirements analysis method based on scenario interaction according to another exemplary embodiment of the present invention;
Fig. 3 is a structural diagram of the security requirements analysis system based on scenario interaction according to an exemplary embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of the security requirements analysis method based on scenario interaction according to an exemplary embodiment of the present invention. The scheme of this embodiment applies to the early stage of enterprise business system development: security requirements are designed in advance for the security problems that a specific business scenario may involve, so that developers can later design according to those requirements and develop the system in a targeted way, ensuring the security and reliability of the developed system. The method can be implemented jointly by a security requirements analysis server and a database storing security requirements analysis data. As shown in Fig. 1, the method of this embodiment includes:
Step 101: display a login interface to the user, and receive the login information that the user enters on the login interface.
Step 102: after a successful login, display a business scenario selection interface to the user.
Step 103: according to the business scenario selected by the user, determine, in the business scenario resource library, the security threat file corresponding to the selected business scenario.
The user may be a business person who works directly with the actual business. Because such a person understands the actual business flow and application scenarios, they can determine relatively accurately the exact scenario of the business that needs security protection. The business scenario resource library stores common and typical business scenarios that have been designed and entered in advance. Scenarios can be classified by business type and category and presented, for example, as a scenario question bank from which the user selects a business scenario. In this way, the typical scenario functions of the business system are sorted out from the user's perspective, standard security documents are output for the user through scenario-style question and answer, and security development guidance is provided for developers. Each business scenario has a corresponding security threat file in the security threat resource library. The security threat resource library gathers the conclusions of the various collected threat analyses and organizes them into a resource library for use during threat analysis. Each business scenario the user selects has one or more security threat files corresponding to it.
Step 104: generate a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
The complete flow realized by the above steps may be, for example, as follows. A business user logs in to the system, selects the corresponding business scenario and creates a new project, then enters the scenario question and answer and answers the scenario questions under the selected scenario (that is, a large scenario directory is subdivided into multiple small scenario directories, which can be implemented with a tree structure). The system generates the corresponding scenario result from the user's answers, obtains the security threat file corresponding to the scenario according to that result, and combines the two to generate the security requirements file. The user can download the security requirements file used in developing the project so that developers can refer to it when designing the security of the business system.
In the security requirements analysis method based on scenario interaction provided by this embodiment, a login interface is displayed to the user and the login information that the user enters on the login interface is received; after a successful login, a business scenario selection interface is displayed to the user; according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library; and a security requirements file is generated from the business scenario selected by the user and the security threat file corresponding to that business scenario. The business scenarios of the system are thus classified and divided from the business user's perspective, security analysis, risk identification and security control measure analysis are set up for each business scenario, and standard security documents matched to the business scenario are output, providing security development guidance for developers. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
Fig. 2 is a flowchart of the security requirements analysis method based on scenario interaction according to another exemplary embodiment of the present invention. As shown in Fig. 2, building on the previous embodiment, the method of this embodiment includes:
Step 201: display a login interface to the user, and receive the login information that the user enters on the login interface.
Step 202: after a successful login, display a business scenario selection interface to the user. The business scenario selection interface includes a main business scenario interface and a sub-business scenario interface.
Step 203: according to the user's selection in the main business scenario interface, display the interface of the sub-business scenarios contained in the main business scenario selected by the user.
Step 204: according to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, determine, in the security threat resource library, the security requirements file corresponding to the identifier of the main business scenario and the identifier of the sub-business scenario; generate a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Step 205: according to the business scenario selected by the user, determine, in the security design resource library, the security design scheme corresponding to the selected business scenario, where each business scenario has a corresponding security design scheme in the security design resource library; generate a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Specifically, the main function of the security design resource library is to consolidate common and typical security design schemes and code samples and enter them into the system, for use when a security design file is generated for the security requirements. The security design resource library may include common technical security requirements (for example, which encryption algorithm and which information protection strategy correspond to which business scenario), application security requirements (for example, data security requirements, access control requirements, and requirements for preventing unauthorized operations), communication security requirements (for example, which network type corresponds to which business scenario, and the choice of intranet and external communication modes), and system deployment and operations security requirements (for example, which information transmission mode corresponds to which business scenario, plaintext or ciphertext transmission, one-way or two-way authentication, and the choice of soft or hard certificates).
Step 206: according to the business scenario selected by the user, determine, in the test case resource library, the test case corresponding to the selected business scenario, where each business scenario has a corresponding test case in the test case resource library; generate a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Specifically, the main function of the test case resource library is to organize common and typical security test cases and enter them into the system database for use during security testing.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library, each test case in the test case resource library, and each security design scheme in the security design resource library, respectively. Or, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
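The chained mapping variant described above (scenario to threat file, threat file to design scheme and test case), sketched as an added Python example that is not part of the patent. All scenario ids, threat ids and texts are constructed, and the function names are hypothetical; the sketch also checks the stated rule that each business scenario has a corresponding threat file.

```python
from dataclasses import dataclass, field

# Constructed sample data: every id and text below is illustrative only.
SCENARIO_TREE = {              # main scenario id -> sub-scenario ids (tree structure)
    "payment": ["transfer", "qr_pay"],
    "channel": ["mobile_app"],
}
THREATS = {                    # (main id, sub id) -> one or more threat file ids
    ("payment", "transfer"): ["T-01", "T-02"],
    ("payment", "qr_pay"): ["T-03"],
    # ("channel", "mobile_app") is left unmapped to exercise the coverage check
}
THREAT_TEXT = {
    "T-01": "Transaction amount tampered with in transit",
    "T-02": "Transfer submitted by a user other than the account owner",
    "T-03": "Payment code reused after expiry",
}
DESIGN_BY_THREAT = {           # chained variant: threat file -> security design scheme
    "T-01": "Sign request fields and verify them server-side",
    "T-02": "Check account ownership on every transfer",
    "T-03": "Single-use codes with short validity",
}
TEST_BY_THREAT = {             # chained variant: threat file -> test case
    "T-01": "Modify the amount after signing; expect rejection",
    "T-02": "Submit a transfer for another user's account; expect rejection",
    "T-03": "Present an expired code; expect rejection",
}


class SelectionError(ValueError):
    """The selection is not in the scenario tree or has no mapped threat file."""


@dataclass
class Bundle:
    scenario: tuple
    requirements: list = field(default_factory=list)
    designs: list = field(default_factory=list)
    tests: list = field(default_factory=list)


def resolve(main_id, sub_id):
    """Steps 204 to 206: map the selected (main, sub) identifiers to artifacts."""
    # Reject a sub-scenario that does not belong to the chosen main scenario.
    if sub_id not in SCENARIO_TREE.get(main_id, []):
        raise SelectionError(f"{sub_id!r} is not a sub-scenario of {main_id!r}")
    threat_ids = THREATS.get((main_id, sub_id))
    if not threat_ids:
        raise SelectionError(f"no threat file mapped for {(main_id, sub_id)}")
    bundle = Bundle(scenario=(main_id, sub_id))
    for tid in threat_ids:
        bundle.requirements.append(f"[{tid}] The system must address: {THREAT_TEXT[tid]}")
        bundle.designs.append(f"[{tid}] {DESIGN_BY_THREAT[tid]}")
        bundle.tests.append(f"[{tid}] {TEST_BY_THREAT[tid]}")
    return bundle


def coverage_gaps():
    """List scenarios without a threat file and threats without a design or test."""
    gaps = []
    for main_id, subs in SCENARIO_TREE.items():
        for sub_id in subs:
            tids = THREATS.get((main_id, sub_id), [])
            if not tids:
                gaps.append(("scenario-without-threat", (main_id, sub_id)))
            for tid in tids:
                for name, lib in (("design", DESIGN_BY_THREAT), ("test", TEST_BY_THREAT)):
                    if tid not in lib:
                        gaps.append((f"threat-without-{name}", tid))
    return gaps


def render_requirements(bundle):
    """Render the security requirements file as plain text."""
    main_id, sub_id = bundle.scenario
    lines = [f"Security requirements: {main_id} / {sub_id}"]
    lines += [f"  {i}. {req}" for i, req in enumerate(bundle.requirements, 1)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_requirements(resolve("payment", "transfer")))
    print(coverage_gaps())
```

Running the coverage check whenever the resource libraries are edited surfaces scenarios that would otherwise produce an empty requirements file.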
Optionally, the system may also include a user management module for managing all users of the system. Users can be searched by user name and correspondingly added, modified and deleted, and the projects a user has created can be viewed. User roles are also assigned to users so that they can use the system normally.
This embodiment lets ordinary developers carry out security requirements analysis and security design by describing a scenario. The user creates a project and selects the corresponding business scenario to complete a scenario question and answer in questionnaire form. According to the user's answers, the system automatically analyzes and judges the degree of security implementation of the system under that scenario and generates the corresponding security requirements design file for the user to use during security development. It also lets security managers quickly judge the working state under the scenario, greatly reducing the time spent on manual judgment. In addition, users can also fill in questionnaires for special classic security cases; managers can easily obtain the users' answers, and users can conveniently view the security threats faced under the scenario, the security requirements and the corresponding security design. This provides reliable security requirements in the system research and development stage, an accurate design strategy in the system design stage, and a practicable security test document in the system testing stage. It solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
In this embodiment, the business scenario related to system development is selected through human-computer interaction. The security requirements analysis system based on scenario interaction queries the security threat resource library, the security design resource library and the test case resource library, performs data analysis and computation on the background server using, for example, a security expert model and a series of algorithms, and automatically generates security-expert-level security requirements files, security design files, security test files and so on. With this system, the security requirements of the systems that developers build better match the actual application scenarios of the business, and better security protection is obtained. The invention provides developers with a solution for how to avoid these security problems during development, solving the problem that security is hard to put into practice because developers lack security knowledge. At the same time, by refining the granularity of scenarios, it completes the system security requirements analysis so that the security requirements are detailed and targeted, solving the problem of security requirements being broad and generic. The security test file it outputs can greatly improve test reliability, making up for the shortcoming that traditional testing focuses only on function and performance.
Fig. 3 is a structural diagram of the security requirements analysis system based on scenario interaction according to an exemplary embodiment of the present invention. As shown in Fig. 3, the security requirements analysis system based on scenario interaction provided by this embodiment includes: a display module 1, for displaying a login interface to the user; a receiving module 2, for receiving the login information that the user enters on the login interface; the display module 1 is further used, after a successful login, to display a business scenario selection interface to the user; an analysis module 3, for determining, according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library; and a generation module 4, for generating a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
When the security requirements analysis system based on scenario interaction of this embodiment performs the above operations, its implementation principle is similar to that of the method embodiment described in Fig. 1 and its technical effect is similar, so the details are not repeated here.
Based on the above embodiment, optionally, the business scenario selection interface includes a main business scenario interface and a sub-business scenario interface. The display module 1 is specifically used to display, according to the user's selection in the main business scenario interface, the interface of the sub-business scenarios contained in the main business scenario selected by the user. Accordingly, the analysis module 3 is specifically used to determine, according to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, the security requirements file in the security threat resource library that corresponds to the identifier of the main business scenario and the identifier of the sub-business scenario.
Optionally, the analysis module 3 is further used to determine, according to the business scenario selected by the user, the security design scheme corresponding to the selected business scenario in the security design resource library, where each business scenario has a corresponding security design scheme in the security design resource library; the generation module 4 is further used to generate a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Optionally, the analysis module 3 is further used to determine, according to the business scenario selected by the user, the test case corresponding to the selected business scenario in the test case resource library, where each business scenario has a corresponding test case in the test case resource library; the generation module 4 is further used to generate a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library, each test case in the test case resource library, and each security design scheme in the security design resource library, respectively; or, each business scenario in the business scenario resource library has a one-to-one mapping with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
When the security requirements analysis system based on scenario interaction of this embodiment performs the above operations, its implementation principle is similar to that of the method embodiment described in Fig. 2 and its technical effect is similar, so the details are not repeated here.
The security requirements analysis system based on scenario interaction performs threat analysis on business scenarios including channel, payment, product, data layer, peripheral or auxiliary, branch-specific, office management, basic platform, technology, and credit card scenarios, puts forward the corresponding security requirements in a targeted way, and proposes the corresponding security design scheme and security test scheme for those security requirements. People involved in development, such as general business staff, developers and testers, enter the application scenario on the security requirements analysis system based on scenario interaction. The system queries the security threat resource library, the security design resource library and the test case resource library, performs data analysis and computation on the background server using, for example, a security expert model and a series of algorithms, and automatically generates security-expert-level security requirements files, security design files, security test files and so on. With this system, the security requirements of the systems that developers build better match the actual application scenarios of the business, and better security protection is obtained.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A security requirements analysis method based on scene interaction, characterized by comprising:
displaying a login interface to a user, and receiving the login information that the user enters on the login interface;
after the login succeeds, displaying a business scene selection interface to the user;
determining, according to the business scene selected by the user, the security threat file corresponding to the selected business scene in the business scene resource library, wherein each business scene has a corresponding security threat file in the security threat resource library; and
generating a security requirement file according to the business scene selected by the user and the security threat file corresponding to that business scene.
2. The method according to claim 1, characterized in that the business scene selection interface includes a main business scene interface and a sub-business scene interface; the method further comprises:
displaying, according to the user's selection in the main business scene interface, a display interface of the sub-business scenes included in the main business scene selected by the user;
correspondingly, determining, according to the business scene selected by the user, the security threat file corresponding to the selected business scene in the business scene resource library comprises:
determining, in the security threat resource library, according to the identifier of the main business scene selected by the user in the main business scene interface and the identifier of the sub-business scene selected in the sub-business scene interface, the security requirement file corresponding to the identifier of the main business scene and the identifier of the sub-business scene.
3. The method according to claim 2, characterized in that the method further comprises:
determining, according to the business scene selected by the user, the security design scheme corresponding to the selected business scene in the security design resource library, wherein each business scene has a corresponding security design scheme in the security design resource library; and
generating a security design file according to the business scene selected by the user and the security design scheme corresponding to that business scene.
4. The method according to claim 3, characterized in that the method further comprises:
determining, according to the business scene selected by the user, the test sample corresponding to the selected business scene in the test sample resource library, wherein each business scene has a corresponding test sample in the test sample resource library; and
generating a security test file according to the business scene selected by the user and the test sample corresponding to that business scene.
5. The method according to claim 4, characterized in that each business scene in the business scene resource library has a one-to-one mapping relationship with each security threat file in the security threat resource library, with each test sample in the test sample resource library, and with each security design scheme in the security design resource library, respectively;
or, each business scene in the business scene resource library has a one-to-one mapping relationship with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping relationship with each test sample in the test sample resource library; and each security design scheme in the security design resource library has a one-to-one mapping relationship with each business scene in the business scene resource library and/or each security threat file in the security threat resource library.
6. A security requirements analysis system based on scene interaction, characterized by comprising:
a display module, configured to display a login interface to a user;
a receiving module, configured to receive the login information that the user enters on the login interface;
the display module being further configured to display a business scene selection interface to the user after the login succeeds;
an analysis module, configured to determine, according to the business scene selected by the user, the security threat file corresponding to the selected business scene in the business scene resource library, wherein each business scene has a corresponding security threat file in the security threat resource library; and
a generation module, configured to generate a security requirement file according to the business scene selected by the user and the security threat file corresponding to that business scene.
7. The system according to claim 6, characterized in that the business scene selection interface includes a main business scene interface and a sub-business scene interface;
the display module is specifically configured to display, according to the user's selection in the main business scene interface, a display interface of the sub-business scenes included in the main business scene selected by the user;
correspondingly, the analysis module is specifically configured to determine, in the security threat resource library, according to the identifier of the main business scene selected by the user in the main business scene interface and the identifier of the sub-business scene selected in the sub-business scene interface, the security requirement file corresponding to the identifier of the main business scene and the identifier of the sub-business scene.
8. The system according to claim 7, characterized in that:
the analysis module is further configured to determine, according to the business scene selected by the user, the security design scheme corresponding to the selected business scene in the security design resource library, wherein each business scene has a corresponding security design scheme in the security design resource library; and
the generation module is further configured to generate a security design file according to the business scene selected by the user and the security design scheme corresponding to that business scene.
9. The system according to claim 8, characterized in that:
the analysis module is further configured to determine, according to the business scene selected by the user, the test sample corresponding to the selected business scene in the test sample resource library, wherein each business scene has a corresponding test sample in the test sample resource library; and
the generation module is further configured to generate a security test file according to the business scene selected by the user and the test sample corresponding to that business scene.
10. The system according to claim 9, characterized in that each business scene in the business scene resource library has a one-to-one mapping relationship with each security threat file in the security threat resource library, with each test sample in the test sample resource library, and with each security design scheme in the security design resource library, respectively;
or, each business scene in the business scene resource library has a one-to-one mapping relationship with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping relationship with each test sample in the test sample resource library; and each security design scheme in the security design resource library has a one-to-one mapping relationship with each business scene in the business scene resource library and/or each security threat file in the security threat resource library.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710296158.1A CN107145443A (en) | 2017-04-28 | 2017-04-28 | The Security requirements analysis method and system interacted based on scene |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107145443A true CN107145443A (en) | 2017-09-08 |
Family
ID=59775413
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710296158.1A Pending CN107145443A (en) | 2017-04-28 | 2017-04-28 | The Security requirements analysis method and system interacted based on scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107145443A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102103514A (en) * | 2011-03-02 | 2011-06-22 | 天津大学 | Method for analyzing security demand based on activity graph expansion under CC (Common Criteria) |
CN102236758A (en) * | 2011-07-26 | 2011-11-09 | 天津大学 | Security repository-based security requirement acquisition method |
CN106227664A (en) * | 2016-07-22 | 2016-12-14 | 华为技术有限公司 | A kind of method and device testing application program |
EP3147791A1 (en) * | 2015-09-28 | 2017-03-29 | Wipro Limited | A system and method for improving integration testing in a cloud computing environment |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107957862A (en) * | 2017-12-06 | 2018-04-24 | 杭州同立方软件有限公司 | A kind of requirement analysis method for building industry science class virtual emulation practice-training teaching software |
CN110908912A (en) * | 2019-11-25 | 2020-03-24 | 中国人寿保险股份有限公司 | Software security threat analysis method and system |
CN110908912B (en) * | 2019-11-25 | 2023-11-21 | 中国人寿保险股份有限公司 | Software security threat analysis method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170908 |