CN107145443A - Security requirements analysis method and system based on scenario interaction - Google Patents

Publication number
CN107145443A
Authority
CN
China
Prior art keywords
business scene
scene
resources bank
user
business
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710296158.1A
Other languages
Chinese (zh)
Inventor
张磊
张晋源
高晓梦
吕晓强
李吉慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Minsheng Banking Corp Ltd
Original Assignee
China Minsheng Banking Corp Ltd
Application filed by China Minsheng Banking Corp Ltd
Priority to CN201710296158.1A
Publication of CN107145443A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling

Abstract

The present invention provides a security requirements analysis method and system based on scenario interaction. A login interface is shown to the user and, after the user logs in successfully, a business scenario selection interface is shown to the user. According to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library. A security requirements file is then generated from the business scenario selected by the user and the security threat file corresponding to that business scenario. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.

Description

Security requirements analysis method and system based on scenario interaction
Technical field
Embodiments of the present invention relate to the technical field of system security management, and in particular to a security requirements analysis method and system based on scenario interaction.
Background
The security requirements that users currently put forward are broad and generic and lack specificity, so they cannot meet the security requirements of a specific system. As a result, the security of business systems is mostly handled after the fact: vulnerabilities are found by testing the system after development is complete, or are repaired after they have broken out. This approach not only leaves the enterprise in a very passive position, but also causes the enterprise varying degrees of financial and reputational loss when a vulnerability breaks out. Enterprises therefore urgently need to move security forward in the system development cycle and introduce it from the requirements stage of the system, that is, to put forward security requirements in advance. At the same time, most system developers themselves lack an understanding of the security knowledge involved in actual business scenarios, which makes such security requirements hard to put into practice and leaves security testing insufficiently practical and accurate.
Summary of the invention
The present invention provides a security requirements analysis method and system based on scenario interaction. It classifies and divides the business scenarios of a system from the business user's perspective, sets up security analysis, risk identification and security control measure analysis for each business scenario, and outputs standard security documents matched to the business scenario, giving developers guidance for secure development. The system research and development stage is thereby given reliable security requirements, the system design stage an accurate design strategy, and the system testing stage security test documents that can be put into practice. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
The present invention provides a security requirements analysis method based on scenario interaction, including:
Showing a login interface to the user, and receiving the login information that the user enters on the login interface;
After the login succeeds, showing a business scenario selection interface to the user;
According to the business scenario selected by the user, determining in the business scenario resource library the security threat file corresponding to the selected business scenario; wherein each business scenario has a corresponding security threat file in the security threat resource library;
Generating a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Optionally, the business scenario selection interface includes a main business scenario interface and a sub-business scenario interface; the method also includes:
According to the user's selection in the main business scenario interface, showing a display interface of the sub-business scenarios contained in the main business scenario selected by the user;
Correspondingly, determining in the business scenario resource library, according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario includes:
According to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, determining in the security threat resource library the security requirements file corresponding to the identifier of the main business scenario and the identifier of the sub-business scenario.
Optionally, the method also includes:
According to the business scenario selected by the user, determining in the security design resource library the security design scheme corresponding to the selected business scenario; wherein each business scenario has a corresponding security design scheme in the security design resource library;
Generating a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Optionally, the method also includes:
According to the business scenario selected by the user, determining in the test case resource library the test case corresponding to the selected business scenario; wherein each business scenario has a corresponding test case in the test case resource library;
Generating a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library, with each test case in the test case resource library, and with each security design scheme in the security design resource library, respectively;
Or, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping relation with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping relation with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
The present invention also provides a security requirements analysis system based on scenario interaction, including:
A display module, for showing a login interface to the user;
A receiving module, for receiving the login information that the user enters on the login interface;
The display module is also used to show a business scenario selection interface to the user after the login succeeds;
An analysis module, for determining in the business scenario resource library, according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario; wherein each business scenario has a corresponding security threat file in the security threat resource library;
A generation module, for generating a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Optionally, the business scenario selection interface includes a main business scenario interface and a sub-business scenario interface;
The display module is specifically used to show, according to the user's selection in the main business scenario interface, a display interface of the sub-business scenarios contained in the main business scenario selected by the user;
Correspondingly, the analysis module is specifically used to determine in the security threat resource library, according to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, the security requirements file corresponding to the identifier of the main business scenario and the identifier of the sub-business scenario.
Optionally, the analysis module
is also used to determine in the security design resource library, according to the business scenario selected by the user, the security design scheme corresponding to the selected business scenario; wherein each business scenario has a corresponding security design scheme in the security design resource library;
The generation module is also used to generate a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Optionally, the analysis module
is also used to determine in the test case resource library, according to the business scenario selected by the user, the test case corresponding to the selected business scenario; wherein each business scenario has a corresponding test case in the test case resource library;
The generation module is also used to generate a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library, with each test case in the test case resource library, and with each security design scheme in the security design resource library, respectively;
Or, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping relation with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping relation with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
In the security requirements analysis method and system based on scenario interaction provided by the present invention, a login interface is shown to the user and the login information that the user enters on the login interface is received; after the login succeeds, a business scenario selection interface is shown to the user; according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library; and a security requirements file is generated according to the business scenario selected by the user and the security threat file corresponding to that business scenario. The business scenarios of a system are thereby classified and divided from the business user's perspective, security analysis, risk identification and security control measure analysis are set up for each business scenario, and standard security documents matched to the business scenario are output, giving developers guidance for secure development. The system research and development stage is thereby given reliable security requirements, the system design stage an accurate design strategy, and the system testing stage security test documents that can be put into practice. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
Brief description of the drawings
Fig. 1 is a flow chart of the security requirements analysis method based on scenario interaction of the present invention, shown in one exemplary embodiment;
Fig. 2 is a flow chart of the security requirements analysis method based on scenario interaction of the present invention, shown in another exemplary embodiment;
Fig. 3 is a structural diagram of the security requirements analysis system based on scenario interaction of the present invention, shown in one exemplary embodiment.
Detailed description
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are obviously some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of the security requirements analysis method based on scenario interaction of the present invention, shown in one exemplary embodiment. The scheme of this embodiment applies to the early stage of developing an enterprise business system: security requirements are designed in advance for the security problems that a specific business scenario may involve, so that developers can later design according to those security requirements and develop the system in a targeted way, ensuring the security and reliability of the system being developed. The security requirements analysis method based on scenario interaction can be implemented jointly by a security requirements analysis server and a database that stores the security requirements analysis data. As shown in Fig. 1, the method of this embodiment includes:
Step 101: show a login interface to the user, and receive the login information that the user enters on the login interface.
Step 102: after the login succeeds, show a business scenario selection interface to the user.
Step 103: according to the business scenario selected by the user, determine in the business scenario resource library the security threat file corresponding to the selected business scenario.
The user can be a business person who deals directly with the actual business. Because such a person understands the actual business process and application scenarios, he or she can determine fairly accurately the exact scenario of the business that needs security protection. The business scenario resource library stores common business scenarios and typical business scenarios that have been designed and entered in advance. The scenarios can be classified by business type and category, and can be organized in a form such as a scenario question bank from which the user selects a business scenario. In this way the typical scenario functions of the business system are sorted out from the user's perspective, standard security documents are output for the user by means of scenario-based questions and answers, and developers are given guidance for secure development. Each business scenario has a corresponding security threat file in the security threat resource library. The security threat resource library gathers the conclusions of the various threat analyses that have been collected and organizes them into a resource library for use during threat analysis. Each business scenario that the user selects has one or more security threat files corresponding to it.
Step 104: generate a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
The complete flow implemented by the above steps may be, for example, as follows. A business user logs in to the system, selects the corresponding business scenario and creates a new project, then enters the scenario question-and-answer stage and answers the scenario questions under the selected scenario (that is, a large scenario category is subdivided into multiple small scenario categories, which can be implemented with a tree structure). The system generates the corresponding scenario result according to the user's answers, obtains the security threat file corresponding to the scenario according to that scenario result, and combines the two to generate the security requirements file. The user can download the security requirements file for use in the project's development, so that developers can use it as a reference for the security design of the business system.
In the security requirements analysis method based on scenario interaction provided by this embodiment, a login interface is shown to the user and the login information that the user enters on the login interface is received; after the login succeeds, a business scenario selection interface is shown to the user; according to the business scenario selected by the user, the security threat file corresponding to the selected business scenario is determined in the business scenario resource library, where each business scenario has a corresponding security threat file in the security threat resource library; and a security requirements file is generated according to the business scenario selected by the user and the security threat file corresponding to that business scenario. The business scenarios of a system are thereby classified and divided from the business user's perspective, security analysis, risk identification and security control measure analysis are set up for each business scenario, and standard security documents matched to the business scenario are output, giving developers guidance for secure development. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
Fig. 2 is a flow chart of the security requirements analysis method based on scenario interaction of the present invention, shown in another exemplary embodiment. As shown in Fig. 2, on the basis of the previous embodiment, the method of this embodiment includes:
Step 201: show a login interface to the user, and receive the login information that the user enters on the login interface.
Step 202: after the login succeeds, show a business scenario selection interface to the user. The business scenario selection interface includes a main business scenario interface and a sub-business scenario interface.
Step 203: according to the user's selection in the main business scenario interface, show a display interface of the sub-business scenarios contained in the main business scenario selected by the user.
Step 204: according to the identifier of the main business scenario selected by the user in the main business scenario interface and the identifier of the sub-business scenario selected in the sub-business scenario interface, determine in the security threat resource library the security requirements file corresponding to the identifier of the main business scenario and the identifier of the sub-business scenario; generate a security requirements file according to the business scenario selected by the user and the security threat file corresponding to that business scenario.
Step 205: according to the business scenario selected by the user, determine in the security design resource library the security design scheme corresponding to the selected business scenario, where each business scenario has a corresponding security design scheme in the security design resource library; generate a security design file according to the business scenario selected by the user and the security design scheme corresponding to that business scenario.
Specifically, the main function of the security design resource library is to summarize common and typical security design schemes and code samples and enter them into the system, for use when a security design file is generated from the security requirements. The security design resource library can include common technical security requirements (for example, which encryption algorithm and which information protection strategy correspond to which business scenario), application security requirements (for example, data security requirements, access control requirements, and requirements for preventing unauthorized operations), communication security requirements (for example, which network type corresponds to which business scenario, the intranet communication mode, and the choice of outbound communication mode), and system deployment and operations security requirements (for example, which information transmission mode corresponds to which business scenario, plaintext or ciphertext transmission, one-way or two-way authentication, and the choice of soft certificate or hard certificate).
Step 206: according to the business scenario selected by the user, determine in the test case resource library the test case corresponding to the selected business scenario, where each business scenario has a corresponding test case in the test case resource library; generate a security test file according to the business scenario selected by the user and the test case corresponding to that business scenario.
Specifically, the main function of the test case resource library is to organize common security test cases and typical security test cases and enter them into the system's database, for use during security testing.
Optionally, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library, with each test case in the test case resource library, and with each security design scheme in the security design resource library, respectively. Or, each business scenario in the business scenario resource library has a one-to-one mapping relation with each security threat file in the security threat resource library; each security threat file in the security threat resource library has a one-to-one mapping relation with each test case in the test case resource library; and each security design scheme in the security design resource library has a one-to-one mapping relation with each business scenario in the business scenario resource library and/or each security threat file in the security threat resource library.
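The lookup of steps 203 to 206 under the second mapping variant above (scenario to threat file, threat file to test case, design scheme to scenario), as an added example that is not code from the patent. All library contents, identifiers and function names are constructed for illustration, and the consistency check is an addition that flags scenarios the libraries cannot serve before any document is generated.

```python
from collections import Counter

# Constructed sample libraries: every identifier and text here is hypothetical.
SCENARIO_LIBRARY = {  # main scenario -> its sub-scenarios (two-level tree)
    "payment": {"transfer", "qr_pay"},
    "channel": {"mobile_login"},
}
THREAT_LIBRARY = {  # (main, sub) -> security threat file id
    ("payment", "transfer"): "T-001",
    ("payment", "qr_pay"): "T-002",
    ("channel", "mobile_login"): "T-003",
}
THREAT_TEXT = {
    "T-001": "Transfer amount or payee altered in transit",
    "T-002": "Static QR code replaced by a third party",
    "T-003": "Credential guessing against the login interface",
}
DESIGN_LIBRARY = {  # (main, sub) -> security design scheme
    ("payment", "transfer"): "Sign transaction fields; two-way authentication",
    ("payment", "qr_pay"): "Short-lived dynamic codes bound to the merchant",
    ("channel", "mobile_login"): "Lockout and rate limiting on failed logins",
}
TEST_LIBRARY = {  # threat file id -> test case
    "T-001": "Modify the amount after signing and expect rejection",
    "T-002": "Present an expired code and expect rejection",
    "T-003": "Exceed the failed-login threshold and expect lockout",
}


def validate_libraries(scenarios, threats, designs, tests):
    """Return mapping defects as strings; an empty list means consistent."""
    problems = []
    keys = {(m, s) for m, subs in scenarios.items() for s in subs}
    for main, sub in sorted(keys):
        if (main, sub) not in threats:
            problems.append(f"{main}/{sub}: no security threat file")
        if (main, sub) not in designs:
            problems.append(f"{main}/{sub}: no security design scheme")
    for main, sub in sorted(set(threats) - keys):
        problems.append(f"{main}/{sub}: threat mapped to unknown scenario")
    for tid, count in sorted(Counter(threats.values()).items()):
        if count > 1:  # the mapping is required to be one-to-one
            problems.append(f"{tid}: shared by {count} scenarios (not one-to-one)")
        if tid not in tests:
            problems.append(f"{tid}: no test case")
    return problems


def generate_documents(main, sub):
    """Build the three output files for one (main, sub) scenario selection."""
    if sub not in SCENARIO_LIBRARY.get(main, ()):
        # A sub-scenario id is only valid under the main scenario that owns it.
        raise KeyError(f"unknown scenario {main}/{sub}")
    tid = THREAT_LIBRARY[(main, sub)]
    head = f"Scenario: {main}/{sub}"
    return {
        "security_requirements": f"{head}\nThreat {tid}: {THREAT_TEXT[tid]}",
        "security_design": f"{head}\nDesign: {DESIGN_LIBRARY[(main, sub)]}",
        "security_test": f"{head}\nTest for {tid}: {TEST_LIBRARY[tid]}",
    }


if __name__ == "__main__":
    print(validate_libraries(SCENARIO_LIBRARY, THREAT_LIBRARY,
                             DESIGN_LIBRARY, TEST_LIBRARY))
    for name, text in generate_documents("payment", "transfer").items():
        print(f"--- {name} ---\n{text}")
```
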
Optionally, the system can also include a user management module, which manages all users of the system. Users can be searched by user name and correspondingly added, modified and deleted, and the projects created by a user can be viewed. The module also assigns user roles to users so that they can use the system normally.
This embodiment lets ordinary developers carry out security requirements analysis and security design by describing the scenario. By creating a project, the user selects the corresponding business scenario and completes a scenario question-and-answer session in questionnaire form. According to the user's answers, the system automatically analyzes and judges the degree of security implementation of the system under that scenario and generates the corresponding security requirements and design file, for the user to use during secure development. It also lets security managers quickly judge the working status under the scenario, greatly reducing the time spent on manual judgment. In addition, users can fill in questionnaires for special, classic security cases; managers can easily obtain the users' answers, and users can conveniently view the security threats faced under the scenario, the security requirements, and the corresponding security design. The system research and development stage is thereby given reliable security requirements, the system design stage an accurate design strategy, and the system testing stage security test documents that can be put into practice. This solves the problem that security is hard to put into practice because developers lack security knowledge, effectively improves the efficiency of system development, and ensures the security requirements of the developed system in a more targeted way.
In this embodiment, the business scenarios related to system development are selected through human-computer interaction. The security requirements analysis system based on scenario interaction queries the security threat resource library, the security design resource library and the test case resource library, performs data analysis and calculation on the background server using, for example, a security expert model and a series of algorithms, and automatically generates security-expert-level security requirements files, security design files, security test files and so on. With this system, the security requirements of the systems that developers build better match the actual application scenarios of the business, so that better security protection is obtained. The invention provides developers with a solution for avoiding these security problems during development, solving the problem that security is hard to put into practice because developers lack security knowledge. At the same time, by refining the granularity of scenarios to complete the analysis of system security requirements, it makes security requirements detailed and targeted, solving the problem that security requirements are broad and generic. The security test files that are output can greatly improve test reliability and make up for the shortcoming that traditional testing focuses only on function and performance.
Fig. 3 is that the structure for the Security requirements analysis system that the present invention shown in an exemplary embodiment is interacted based on scene is shown It is intended to, as shown in figure 3, the Security requirements analysis system interacted based on scene that the present embodiment is provided, including:Display module 1, is used In to user show login interface;Receiving module 2, for receiving the log-on message that user inputs on login interface;Show mould Block 1, is additionally operable to after logining successfully, and business scene selection interface is shown to user;Analysis module 3, for being selected according to user Business scene, corresponding with selected business scene security threat file is determined in business scene resources bank;Wherein, often Individual business scene has corresponding security threat file in security threat resources bank;Generation module 4, for being selected according to user The business scene selected, the corresponding security threat file of business scene generates demand for security file.
The Security requirements analysis system interacted based on scene of the present embodiment, during aforesaid operations are performed, in fact Existing principle is similar with the realization principle of the embodiment of the method described in Fig. 1, and technique effect is similar, and here is omitted.
Based on above-described embodiment, optionally, main business scene interface, subservice feelings are included in business scene selection interface Scape interface;Display module 1, specifically for the selection according to user in main business scene interface, shows the selected master of user The display interface of the subservice scene included in business scene;Accordingly, analysis module 3, specifically for according to user in main business The mark of the main business scene selected in business scene interface, the mark of the subservice scene selected in subservice scene interface, Determined in security threat resources bank and the mark of main business scene and the corresponding demand for security text of the mark of subservice scene Part.
Optionally, analysis module 3, are additionally operable to the business scene selected according to user, are determined in safe design resources bank Safe Design Scheme corresponding with selected business scene;Wherein, each business scene have in safe design resources bank with Corresponding Safe Design Scheme;Generation module 4, is additionally operable to the business scene selected according to user, the corresponding peace of business scene Full design, generates safe design file.
Optionally, analysis module 3, are additionally operable to the business scene selected according to user, are determined in test sample resources bank Test sample corresponding with selected business scene;Wherein, each business scene has right therewith in test sample resources bank The test sample answered;Generation module 4, is additionally operable to the business scene selected according to user, and the corresponding test sample of business scene is raw Into safety test file.
Optionally, each business scene in business scene resources bank and each security threat in security threat resources bank File, each test sample in test sample resources bank, each Safe Design Scheme in safe design resources bank have respectively There are one-to-one mapping relations;Or, in each business scene and security threat resources bank in business scene resources bank Each security threat file has one-to-one mapping relations;Each security threat file in security threat resources bank is with surveying Each test sample in sample example resources bank has one-to-one mapping relations;Each safety in safe design resources bank Design and each business scene in business scene resources bank and/or the text of each security threat in security threat resources bank Part has one-to-one mapping relations.
While performing the above operations, the security requirements analysis system based on scene interaction of this embodiment works on a principle similar to that of the method embodiment shown in Fig. 2 and achieves similar technical effects, which are not repeated here.
The security requirements analysis system based on scene interaction performs threat analysis on business scenes covering channels, payment, products, the data layer, peripheral or ancillary systems, branch-specific features, office administration, basic platforms, technology, credit cards and so on, puts forward the corresponding security requirements in a targeted way, and proposes a corresponding security design scheme and security test scheme for those requirements. Personnel involved in development, such as general business staff, developers and testers, enter the application scenario into the system. The system queries the security threat resources bank, the security design resources bank and the test sample resources bank, and the background server performs data analysis and calculation using, for example, a security expert model and a series of algorithms, automatically generating security requirement files, security design files, security test files and the like at the level of a security expert. With this system, the security requirements of the system being developed conform more closely to the actual application scenarios of the business, so that better security protection is obtained.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art will understand that the technical solutions described in those embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A security requirements analysis method based on scene interaction, characterized by comprising:
displaying a login interface to a user, and receiving login information entered by the user on the login interface;
after a successful login, displaying a business scene selection interface to the user;
determining, in the business scene resources bank, the security threat file corresponding to the business scene selected by the user, wherein each business scene has a corresponding security threat file in the security threat resources bank;
generating a security requirement file according to the business scene selected by the user and the security threat file corresponding to the business scene.
2. The method according to claim 1, characterized in that the business scene selection interface includes a main business scene interface and a sub-business scene interface; the method further comprises:
displaying, according to the user's selection in the main business scene interface, the display interface of the sub-business scenes contained in the main business scene selected by the user;
correspondingly, the determining, in the business scene resources bank, of the security threat file corresponding to the business scene selected by the user comprises:
determining, in the security threat resources bank, the security requirement file corresponding to the identifier of the main business scene selected by the user in the main business scene interface and the identifier of the sub-business scene selected in the sub-business scene interface.
3. The method according to claim 2, characterized in that the method further comprises:
determining, in the security design resources bank, the security design scheme corresponding to the business scene selected by the user, wherein each business scene has a corresponding security design scheme in the security design resources bank;
generating a security design file according to the business scene selected by the user and the security design scheme corresponding to the business scene.
4. The method according to claim 3, characterized in that the method further comprises:
determining, in the test sample resources bank, the test sample corresponding to the business scene selected by the user, wherein each business scene has a corresponding test sample in the test sample resources bank;
generating a security test file according to the business scene selected by the user and the test sample corresponding to the business scene.
5. The method according to claim 4, characterized in that each business scene in the business scene resources bank has a one-to-one mapping relation with each security threat file in the security threat resources bank, each test sample in the test sample resources bank and each security design scheme in the security design resources bank, respectively;
or, each business scene in the business scene resources bank has a one-to-one mapping relation with each security threat file in the security threat resources bank; each security threat file in the security threat resources bank has a one-to-one mapping relation with each test sample in the test sample resources bank; and each security design scheme in the security design resources bank has a one-to-one mapping relation with each business scene in the business scene resources bank and/or each security threat file in the security threat resources bank.
6. A security requirements analysis system based on scene interaction, characterized by comprising:
a display module, configured to display a login interface to a user;
a receiving module, configured to receive login information entered by the user on the login interface;
the display module being further configured to display a business scene selection interface to the user after a successful login;
an analysis module, configured to determine, in the business scene resources bank, the security threat file corresponding to the business scene selected by the user, wherein each business scene has a corresponding security threat file in the security threat resources bank;
a generation module, configured to generate a security requirement file according to the business scene selected by the user and the security threat file corresponding to the business scene.
7. The system according to claim 6, characterized in that the business scene selection interface includes a main business scene interface and a sub-business scene interface;
the display module is specifically configured to display, according to the user's selection in the main business scene interface, the display interface of the sub-business scenes contained in the main business scene selected by the user;
correspondingly, the analysis module is specifically configured to determine, in the security threat resources bank, the security requirement file corresponding to the identifier of the main business scene selected by the user in the main business scene interface and the identifier of the sub-business scene selected in the sub-business scene interface.
8. The system according to claim 7, characterized in that
the analysis module is further configured to determine, in the security design resources bank, the security design scheme corresponding to the business scene selected by the user, wherein each business scene has a corresponding security design scheme in the security design resources bank;
the generation module is further configured to generate a security design file according to the business scene selected by the user and the security design scheme corresponding to the business scene.
9. The system according to claim 8, characterized in that
the analysis module is further configured to determine, in the test sample resources bank, the test sample corresponding to the business scene selected by the user, wherein each business scene has a corresponding test sample in the test sample resources bank;
the generation module is further configured to generate a security test file according to the business scene selected by the user and the test sample corresponding to the business scene.
10. The system according to claim 9, characterized in that each business scene in the business scene resources bank has a one-to-one mapping relation with each security threat file in the security threat resources bank, each test sample in the test sample resources bank and each security design scheme in the security design resources bank, respectively;
or, each business scene in the business scene resources bank has a one-to-one mapping relation with each security threat file in the security threat resources bank; each security threat file in the security threat resources bank has a one-to-one mapping relation with each test sample in the test sample resources bank; and each security design scheme in the security design resources bank has a one-to-one mapping relation with each business scene in the business scene resources bank and/or each security threat file in the security threat resources bank.
CN201710296158.1A 2017-04-28 2017-04-28 The Security requirements analysis method and system interacted based on scene Pending CN107145443A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710296158.1A CN107145443A (en) 2017-04-28 2017-04-28 The Security requirements analysis method and system interacted based on scene


Publications (1)

Publication Number Publication Date
CN107145443A true CN107145443A (en) 2017-09-08

Family

ID=59775413




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170908