CN109683854A - Software security requirement analysis method and system - Google Patents

Software security requirement analysis method and system

Publication number
CN109683854A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811573331.9A
Other languages
Chinese (zh)
Inventor
汤志刚
姜强
胡云
冯琨
孟庆飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing State Shun Polytron Technologies Inc
Original Assignee
Beijing State Shun Polytron Technologies Inc
Application filed by Beijing State Shun Polytron Technologies Inc

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/10: Requirements analysis; Specification techniques

Abstract

An embodiment of the invention provides a software security requirement analysis method and system. The method includes: obtaining a security analysis result for each business scenario based on an established STRIDE threat analysis model; establishing a security requirement baseline for each business scenario according to the security analysis result; and carrying out a scenario-based design according to the security requirement baseline, where the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to a corresponding security requirement. With the method and system provided by the embodiment, the user describes the system and its business scenarios, and a mature threat resource library and threat analysis methodology are used to perform threat analysis and security requirement analysis on the system, so that key business processes receive a detailed security analysis and the completeness and systematic nature of the security requirements are ensured.

Description

Software security requirement analysis method and system
Technical field
Embodiments of the present invention relate to the technical field of information system software, and in particular to a software security requirement analysis method and system.
Background
In the field of information system software, development generally comprises stages such as requirements, design, development, testing and deployment, and these stages make up the software development life cycle. During the software development life cycle, developers often give insufficient consideration to security attributes, or leave security out of consideration entirely, because they concentrate too heavily on implementation aspects such as functionality and performance, are sometimes rushing to meet project deadlines, or lack security awareness. In software development security, the key is to get the source right. The source of software development security is the security of the software requirements, so how security requirement analysis is carried out has a direct and important influence on the security quality of the system being developed.
In the prior art, security requirements are analyzed mainly in the following ways: 1. Security gatekeeping personnel get involved during the project approval stage and the requirements discussion stage and propose security requirements for the project's go-live, generally in terms of system availability, reliability and performance; 2. During the requirements-gathering stage, requirements personnel or developers propose some non-functional security requirements based on experience from previous projects and their personal knowledge; 3. A small number of enterprises have accumulated some experience and have corresponding security requirement rules and specifications at the project requirements stage.
However, the prior-art approaches have some disadvantages, the most important being a lack of specificity and of systematic coverage. The security requirements in the prior art are all put forward from the network, host, performance and similar perspectives. First, such requirements are often detached from the business system, are not targeted, and lack security requirements addressing business vulnerabilities. Second, they lack analysis of system vulnerabilities and of threats and attacks, so the security requirement analysis is not systematic. A software security requirement analysis method is therefore needed to solve the above problems.
Summary of the invention
To solve the above problems, embodiments of the present invention provide a software security requirement analysis method and system that overcome the above problems or at least partially solve them.
In a first aspect, an embodiment of the present invention provides a software security requirement analysis method, comprising:
obtaining a security analysis result for each business scenario based on an established STRIDE threat analysis model;
establishing a security requirement baseline for each business scenario according to the security analysis result;
carrying out a scenario-based design according to the security requirement baseline, where the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to a corresponding security requirement.
In a second aspect, an embodiment of the present invention provides a software security requirement analysis system, comprising:
a threat analysis module, configured to obtain a security analysis result for each business scenario based on an established STRIDE threat analysis model;
a security requirement baseline establishing module, configured to establish a security requirement baseline for each business scenario according to the security analysis result;
a scenario design module, configured to carry out a scenario-based design according to the security requirement baseline, where the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to a corresponding security requirement.
In a third aspect, an embodiment of the present invention provides an electronic device, comprising:
a processor, a memory, a communication interface and a bus; wherein the processor, the memory and the communication interface communicate with one another over the bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the above software security requirement analysis method.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium that stores computer instructions, the computer instructions causing the computer to perform the above software security requirement analysis method.
With the software security requirement analysis method and system provided by the embodiments of the present invention, the user describes the system and its business scenarios, and a mature threat resource library and threat analysis methodology are used to perform threat analysis and security requirement analysis on the system, so that key business processes receive a detailed security analysis and the completeness and systematic nature of the security requirements are ensured.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a software security requirement analysis method provided by an embodiment of the present invention;
Fig. 2 is a diagram of the customer element decomposition provided by an embodiment of the present invention;
Fig. 3 is a diagram of the element decomposition of customer usage scenarios provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a software security requirement analysis system provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
It should be noted that development security is a subdomain of information security, and one the industry recognizes as difficult. With the development of banking information systems, and especially the move of banking systems onto the Internet, the requirements for information security, and therefore for development security, keep rising. It is well known that information system security assurance is a large and complex undertaking, and a great deal of manpower and resources has been invested at home and abroad in research and practice in the development security field. Current research on development security, at home and abroad, includes both theoretical research and successful practices distilled from analyzing enterprise practice. How security requirement analysis is carried out has a direct and important influence on the security quality of the system being developed. If security requirements are set too high, development cost becomes excessive and resources are overused, which affects the overall development cost. If they are set too low, the security quality of the developed system declines, security attack incidents are likely after go-live, and the enterprise may suffer immeasurable losses. Security requirement analysis therefore has to be measured from several aspects, such as completeness and applicability.
As the social economy and informatization develop, information systems keep growing in complexity, becoming more flexible and more varied in function, which makes security threat analysis and requirement analysis harder. Under these circumstances it is difficult for developers to complete security requirements on their own, and security requirement analysis specialists are relatively scarce, so putting security requirement work into practice is genuinely difficult. To make it easier to put into practice and to improve the comprehensiveness and efficiency of security requirements, classified security requirement templates must be formulated. However, because the templates are numerous, complex to use and laborious to modify, a security requirement analysis method is needed to provide efficiency and technical support.
Current technical solutions all suffer, to a greater or lesser extent, from the obvious problems described in the background section. First, regarding specificity and systematic coverage: conventional security requirements are all put forward from the network, host, performance and similar perspectives; such requirements are often detached from the business system, are not targeted, and lack security requirements addressing business vulnerabilities; they also lack analysis of system vulnerabilities and of threats and attacks, so the security requirement analysis is not systematic. Second, regarding standardization: conventional security requirement analysis generally proposes requirements from the experience of security personnel or developers, relies mainly on individual experience and ability, has no reference standard, and is weakly standardized. Third, regarding completeness: the security requirements proposed by security personnel or R&D staff lack theoretical guidance and methodology, which leaves the security requirements incomplete.
To address the above problems in the prior art, Fig. 1 is a flow diagram of a software security requirement analysis method provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:
101. obtaining a security analysis result for each business scenario based on an established STRIDE threat analysis model;
102. establishing a security requirement baseline for each business scenario according to the security analysis result;
103. carrying out a scenario-based design according to the security requirement baseline, where the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to a corresponding security requirement.
The software security requirement analysis method proposed by the embodiment is a scenario-based design built on business scenarios. Specifically, in step 101, the embodiment establishes a STRIDE threat analysis model. STRIDE threat analysis is a process for assessing, planning for and reducing the risks an application may face. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Spoofing allows an adversary to pose as another user, component or other system that has an identity in the system being modeled; Tampering is the malicious modification of data in the system; Repudiation is an adversary's ability to deny having performed a malicious action because the system lacks sufficient evidence; Information Disclosure is the exposure of protected data to users who are not authorized to access it; Denial of Service is an adversary preventing legitimate users from using the normal functions of the system; Elevation of Privilege is the use of illegitimate means to obtain a higher trust level than the one currently granted. The embodiment can run the STRIDE threat analysis on each business scenario to obtain the security analysis result of each business scenario.
Further, in step 102, the embodiment establishes a security requirement baseline for each business scenario, that is, it states the most basic security requirements for each business scenario, so that subsequent business must meet the baseline requirements when implemented in order to be compliant.
Finally, in step 103, a scenario-based design is carried out according to the security requirement baseline. The scenarios designed in the embodiment contain many business scenario units, and each business scenario unit corresponds to its own security requirement. Security requirements are thus designed from the threats of each scenario, providing strong technical support for security management of the development process.
With the software security requirement analysis method provided by the embodiment of the present invention, the user describes the system and its business scenarios, and a mature threat resource library and threat analysis methodology are used to perform threat analysis and security requirement analysis on the system, so that key business processes receive a detailed security analysis and the completeness and systematic nature of the security requirements are ensured.
On the basis of the above embodiment, before obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis model, the method further comprises:
establishing the STRIDE threat analysis model.
As the above embodiment shows, the embodiment provides a threat analysis approach for business scenarios that uses a STRIDE threat analysis model, so the STRIDE threat analysis model has to be established before the analysis is carried out.
Specifically, establishing the STRIDE threat analysis model comprises:
identifying security objectives and creating an application overview;
decomposing the application according to the application overview and identifying the threats present in the application's environment.
The STRIDE threat analysis model described in the embodiment consists mainly of three high-level steps: understanding the attacker's perspective, describing the security of the system, and determining the threats. In terms of these three high-level steps, the embodiment first identifies the security objectives, that is, states clear objectives that can be used to assess the time frame of the whole threat modeling effort. It then creates an application overview, listing the application's important characteristics and elements in detail. Next it decomposes the listed application, that is, gains a detailed understanding of the application's structure so that potential threats are easier to find. It then identifies threats: through the overview and decomposition steps above, the embodiment can identify the threats in the application's environment. Finally it identifies issues, reviewing every aspect of the application again to identify related problems.
On the basis of the above embodiment, obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis model comprises:
decomposing the user's elements along two dimensions based on the established STRIDE threat analysis model, the dimensions being customer-related elements and customer usage scenarios;
obtaining, from the element decomposition results of the two dimensions, a customer-centric security analysis result for each business scenario.
It should be noted that current development security systems are built on information-system-oriented security requirement analysis. In practice, because the number of systems is huge and their relationships are intricate, security requirement analysis based on a single system can hardly meet actual business needs.
Therefore, building on existing security requirement analysis, the embodiment establishes threat analysis and security requirements that go beyond a single information system, take the customer as the object, and are based on the customer's behavior and application scenarios.
First, the approach is customer-centric: the customer's CIA attributes are made explicit, where C is confidentiality, I is integrity and A is availability. For the customer, C means privacy, I means assets do not suffer loss, and A means the customer can conveniently use their own assets.
On this premise, the embodiment decomposes the customer's elements along two dimensions. For the customer, the STRIDE analysis maps as follows: S means being impersonated by others; T means the customer's instructions, operations or information being tampered with; R means non-repudiation by the transaction counterparty; I means information leakage; D means availability; E means external authorization being exceeded. Fig. 2 is a diagram of the customer element decomposition provided by an embodiment of the present invention. As shown in Fig. 2, the customer element decomposition mainly covers: media, e.g. bank cards; physical devices, e.g. mobile phones; the application environment; the application system; security tools, e.g. OTP tokens and U-shields (USB keys); and social networks.
Fig. 3 is a diagram of the element decomposition of customer usage scenarios provided by an embodiment of the present invention. As shown in Fig. 3, the customer usage scenario decomposition mainly covers registration, contract signing and binding, login, query, transfer, recharge and payment, and customer information modification.
Combining the content of Fig. 2 and Fig. 3, the embodiment can, through threat analysis over the two dimensions above, present customer-centric security threats in a multi-dimensional way and form unified security requirements that go beyond a single system.
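Steps 101 to 103 over the two decomposition dimensions can be sketched as follows. This is an added Python example, not code from the patent: the STRIDE-to-property mapping is the conventional one from general threat-modeling practice, and the sample findings, the `Threat` record and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# The two decomposition dimensions named on the page (Fig. 2 and Fig. 3).
ELEMENTS = {"media", "physical device", "application environment",
            "application system", "security tool", "social network"}
SCENARIOS = ["registration", "contract signing and binding", "login", "query",
             "transfer", "recharge and payment",
             "customer information modification"]

# Assumption: conventional STRIDE -> security property pairing; the page does
# not spell this mapping out.
STRIDE_PROPERTY = {"S": "authentication", "T": "integrity",
                   "R": "non-repudiation", "I": "confidentiality",
                   "D": "availability", "E": "authorization"}


@dataclass(frozen=True)
class Threat:
    scenario: str     # customer usage scenario (Fig. 3 dimension)
    element: str      # customer-related element (Fig. 2 dimension)
    category: str     # one STRIDE letter
    description: str


# Constructed sample findings for a retail-banking style system.
SAMPLE_THREATS = [
    Threat("login", "physical device", "S",
           "lost phone used to sign in as the customer"),
    Threat("login", "application system", "D",
           "lockout policy abused to block the customer"),
    Threat("transfer", "application system", "T",
           "payee or amount altered before submission"),
    Threat("transfer", "application system", "R",
           "counterparty denies a completed transfer"),
    Threat("transfer", "security tool", "S",
           "one-time password entered by someone else"),
    Threat("query", "application environment", "I",
           "balance visible on a shared terminal"),
    Threat("customer information modification", "social network", "S",
           "acquaintance poses as the customer to change the phone number"),
    Threat("customer information modification", "application system", "E",
           "profile change exceeds the granted authorization"),
]


def analyse(threats):
    """Step 101: group validated findings as scenario -> STRIDE letter -> threats."""
    result = {s: defaultdict(list) for s in SCENARIOS}
    for t in threats:
        if (t.scenario not in result or t.element not in ELEMENTS
                or t.category not in STRIDE_PROPERTY):
            raise ValueError(f"finding outside the two dimensions or STRIDE: {t}")
        result[t.scenario][t.category].append(t)
    return result


def build_baseline(analysis):
    """Step 102: the minimum security properties each scenario must satisfy."""
    return {s: sorted(STRIDE_PROPERTY[c] for c in cats)
            for s, cats in analysis.items()}


def scenario_units(analysis, baseline):
    """Step 103: one business scenario unit per scenario, with each
    requirement traced back to the threat that motivated it."""
    units = []
    for s in SCENARIOS:
        reqs = [f"{STRIDE_PROPERTY[c]}: address '{t.description}' ({t.element})"
                for c in "STRIDE" for t in analysis[s].get(c, [])]
        units.append({"scenario": s, "baseline": baseline[s],
                      "requirements": reqs})
    return units


def coverage_gaps(analysis):
    """Completeness check: STRIDE letters with no finding recorded yet, per
    scenario, to be reviewed or explicitly marked not applicable."""
    gaps = {s: [c for c in "STRIDE" if c not in cats]
            for s, cats in analysis.items()}
    return {s: missing for s, missing in gaps.items() if missing}


if __name__ == "__main__":
    analysis = analyse(SAMPLE_THREATS)
    for unit in scenario_units(analysis, build_baseline(analysis)):
        print(unit["scenario"], "->", unit["baseline"])
        for req in unit["requirements"]:
            print("   ", req)
    print("unreviewed cells:", coverage_gaps(analysis))
```

The gap report is what turns the analysis into a completeness check: a scenario such as registration with no recorded finding shows up with all six STRIDE letters outstanding instead of silently receiving an empty baseline.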
On the basis of the above embodiment, before obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis model, the method further comprises:
combing through the functions and data flows of the business system to obtain the business scenarios.
As the above embodiment shows, the embodiment is a scenario-based security requirement analysis method built on business scenarios. The business scenarios to be analyzed are obtained by combing through the functions of the business system and the data flows they generate, extracting each business scenario from them, and finally recording and saving it.
On the basis of the above embodiment, after carrying out the scenario-based design according to the security requirement baseline, the method further comprises:
sending the scenario-based design to the user through a platform built on automated design, so that the user can give a scenario-based response.
As the above embodiment shows, the embodiment produces a scenario-based design that contains business scenario units, each of which corresponds to a security requirement. The user therefore has to respond to the scenarios in order to complete the analysis process.
Specifically, the embodiment can carry out automated platform design, so that the user completes the scenario-based response on the automated-design platform and thereby completes the security requirement analysis of the system.
To verify the effect of the scheme provided by the embodiment, the scheme was put into practice at a commercial bank.
According to the statistics from that practice, after the method provided by the embodiment was adopted, the number of high-risk vulnerabilities fell by 90.2% on average, the number of medium-risk vulnerabilities fell by 68.7% on average, and the number of low-risk vulnerabilities fell by 40% on average; system security improved significantly.
In addition, before the pilot the average remediation effort for important systems, in person-months, accounted for 8% of the total labor input of a project; after the pilot this ratio dropped to 3%. The development effort of the current pilot projects totals 1230 person-months; calculated at a saving of 5%, 61.5 remediation person-months can be saved, which at 30,000 per person-month amounts to a saving of about 1.845 million. Through the pilot of this scheme, about 31 person-months in total were saved in the current year, which at 30,000 per person-month amounts to a saving of about 930,000. The two items together save about 2.775 million, greatly improving economic benefit.
Fig. 4 is a structural diagram of a software security requirement analysis system provided by an embodiment of the present invention. As shown in Fig. 4, the system comprises a threat analysis module 401, a security requirement baseline establishing module 402 and a scenario design module 403, wherein:
the threat analysis module 401 is configured to obtain a security analysis result for each business scenario based on an established STRIDE threat analysis model;
the security requirement baseline establishing module 402 is configured to establish a security requirement baseline for each business scenario according to the security analysis result;
the scenario design module 403 is configured to carry out a scenario-based design according to the security requirement baseline, where the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to a corresponding security requirement.
As to how the threat analysis module 401, the security requirement baseline establishing module 402 and the scenario design module 403 specifically perform software security requirement analysis, they can be used to execute the technical solution of the method embodiment shown in Fig. 1; the implementation principle and technical effect are similar and are not repeated here.
With the software security requirement analysis system provided by the embodiment of the present invention, the user describes the system and its business scenarios, and a mature threat resource library and threat analysis methodology are used to perform threat analysis and security requirement analysis on the system, so that key business processes receive a detailed security analysis and the completeness and systematic nature of the security requirements are ensured.
On the basis of the above embodiment, the system further comprises:
a model building module, configured to establish the STRIDE threat analysis model.
On the basis of the above embodiment, the model building module comprises:
an identification and creation unit, configured to identify security objectives and create an application overview;
a threat identification module, configured to decompose the application according to the application overview and identify the threats present in the application's environment.
On the basis of the above embodiment, the threat analysis module 401 comprises:
an element decomposition unit, configured to decompose the user's elements along two dimensions based on the established STRIDE threat analysis model, the dimensions being customer-related elements and customer usage scenarios;
a security analysis unit, configured to obtain, from the element decomposition results of the two dimensions, a customer-centric security analysis result for each business scenario.
On the basis of the above embodiment, the system further comprises:
a business scenario obtaining module, configured to comb through the functions and data flows of the business system to obtain the business scenarios.
On the basis of the above embodiment, the system further comprises:
a sending module, configured to send the scenario-based design to the user through a platform built on automated design, so that the user can give a scenario-based response.
The embodiment of the present invention provides a kind of electronic equipment, comprising: at least one processor;And with the processor communication At least one processor of connection, in which:
Fig. 5 is the structural block diagram of electronic equipment provided in an embodiment of the present invention, referring to Fig. 5, the electronic equipment, comprising: Processor (processor) 501, communication interface (Communications Interface) 502, memory (memory) 503 With bus 504, wherein processor 501, communication interface 502, memory 503 complete mutual communication by bus 504.Place Reason device 501 can call the logical order in memory 503, to execute following method: the STRIDE threat analysis based on foundation Model obtains the safety analysis result of each business scenario;According to the safety analysis as a result, establishing the peace of each business scenario Full demand baseline;According to the demand for security baseline, scene type design is carried out, includes multiple business fields in the scene type design Scape unit, each corresponding corresponding demand for security of the business scenario unit.
The embodiment of the present invention discloses a kind of computer program product, and the computer program product is non-transient including being stored in Computer program on computer readable storage medium, the computer program include program instruction, when described program instructs quilt When computer executes, computer is able to carry out method provided by above-mentioned each method embodiment, for example, based on foundation STRIDE threat analysis obtains the safety analysis result of each business scenario;According to the safety analysis as a result, establishing each The demand for security baseline of a business scenario;According to the demand for security baseline, scene type design is carried out, in the scene type design Comprising multiple business scenario units, each corresponding corresponding demand for security of the business scenario unit.
The embodiment of the present invention provides a kind of non-transient computer readable storage medium, the non-transient computer readable storage Medium storing computer instruction, the computer instruction make the computer execute side provided by above-mentioned each method embodiment Method, for example, the STRIDE threat analysis based on foundation obtains the safety analysis result of each business scenario;According to The safety analysis is as a result, establish the demand for security baseline of each business scenario;According to the demand for security baseline, scene is carried out Formula designs, and includes multiple business scenario units in the scene type design, and corresponding one of each business scenario unit is corresponding Demand for security.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation Method described in certain parts of example or embodiment.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A software security requirement analysis method, characterized by comprising:
obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis;
establishing the security requirement baseline of each business scenario according to the security analysis result;
carrying out scenario-based design according to the security requirement baseline, wherein the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to one corresponding security requirement.
2. The method according to claim 1, characterized in that, before obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis, the method further comprises:
establishing the STRIDE threat analysis.
3. The method according to claim 2, characterized in that establishing the STRIDE threat analysis comprises:
identifying security objectives and creating an application summary;
decomposing the application according to the application summary, and identifying the threats present in the environment in which the application is located.
4. The method according to claim 3, characterized in that obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis comprises:
based on the established STRIDE threat analysis, decomposing the user into elements along two dimensions, the dimensions comprising customer-related elements and customer usage scenarios;
based on the element decomposition result of the two user dimensions, obtaining the customer-centric security analysis result of each business scenario.
5. The method according to claim 1, characterized in that, before obtaining the security analysis result of each business scenario based on the established STRIDE threat analysis, the method further comprises:
sorting out the functions and data flows of the business system to obtain the business scenarios.
6. The method according to claim 1, characterized in that, after carrying out scenario-based design according to the security requirement baseline, the method further comprises:
sending the scenario-based design to the user through a platform based on automated design, so that the user carries out scenario-based responses.
7. A software security requirement analysis system, characterized by comprising:
a threat analysis module, configured to obtain the security analysis result of each business scenario based on the established STRIDE threat analysis;
a security requirement baseline establishing module, configured to establish the security requirement baseline of each business scenario according to the security analysis result;
a scenario-based design module, configured to carry out scenario-based design according to the security requirement baseline, wherein the scenario-based design contains multiple business scenario units and each business scenario unit corresponds to one corresponding security requirement.
8. An electronic device, characterized by comprising a memory and a processor, wherein the processor and the memory communicate with each other via a bus; the memory stores program instructions executable by the processor, and the processor, by invoking the program instructions, is able to perform the method according to any one of claims 1 to 6.
9. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions that cause a computer to execute the method according to any one of claims 1 to 6.
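
The three steps of claim 1 (threat analysis per business scenario, security requirement baseline, scenario units each tied to one requirement) can be sketched as follows. This is an added example, not code from the patent: the element-kind chart is the commonly used STRIDE-per-element mapping, and the sample scenario, function names and requirement wording are constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE category -> security property it violates (standard STRIDE definition).
PROPERTY = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}
S, T, R, I, D, E = PROPERTY  # category names, in STRIDE order

# Assumed chart: STRIDE categories that apply to each data-flow-diagram element kind.
APPLIES = {
    "external_entity": (S, R),
    "process": (S, T, R, I, D, E),
    "data_flow": (T, I, D),
    "data_store": (T, I, D),
}

@dataclass(frozen=True)
class Unit:
    """One business-scenario unit, mapped to exactly one security requirement."""
    scenario: str
    element: str
    requirement: str

def analyze(elements):
    """Step 1: (element, threat category) pairs for one scenario's elements."""
    return [(name, cat) for name, kind in elements for cat in APPLIES[kind]]

def baseline(threats):
    """Step 2: de-duplicated security properties the scenario must guarantee."""
    return list(dict.fromkeys(PROPERTY[cat] for _, cat in threats))

def design(scenario, threats):
    """Step 3: one scenario unit per (element, threat), each with one requirement."""
    return [Unit(scenario, name, f"{name}: ensure {PROPERTY[cat]} (counters {cat})")
            for name, cat in threats]

# Constructed sample scenario (not from the patent): a funds-transfer flow.
TRANSFER = [("customer", "external_entity"), ("transfer request", "data_flow"),
            ("transfer service", "process"), ("ledger", "data_store")]

if __name__ == "__main__":
    print(baseline(analyze(TRANSFER)))
    for unit in design("funds transfer", analyze(TRANSFER)):
        print(unit.requirement)
```
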
CN201811573331.9A 2018-12-21 2018-12-21 A kind of software security requirement analysis method and system Pending CN109683854A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811573331.9A CN109683854A (en) 2018-12-21 2018-12-21 A kind of software security requirement analysis method and system

Publications (1)

Publication Number Publication Date
CN109683854A true CN109683854A (en) 2019-04-26

Family

ID=66188787

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811573331.9A Pending CN109683854A (en) 2018-12-21 2018-12-21 A kind of software security requirement analysis method and system

Country Status (1)

Country Link
CN (1) CN109683854A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950271A (en) * 2010-10-22 2011-01-19 中国人民解放军理工大学 Modeling technology-based software security test method
CN101989230A (en) * 2010-10-22 2011-03-23 中国人民解放军理工大学 Method for extracting requirements and describing behaviors during software safety test based on profile division
US20160133142A1 (en) * 2001-02-20 2016-05-12 Adidas Ag Performance monitoring systems and methods

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110147540A (en) * 2019-05-08 2019-08-20 北京国舜科技股份有限公司 Service security requirement documents generation method and system
CN110955897A (en) * 2019-11-25 2020-04-03 中国人寿保险股份有限公司 Software research and development safety control visualization method and system based on big data
CN111309288A (en) * 2020-01-20 2020-06-19 北京国舜科技股份有限公司 Analysis method and device of software requirement specification file suitable for banking business
CN111563254A (en) * 2020-05-07 2020-08-21 中国工商银行股份有限公司 Threat risk processing method and apparatus for product, computer system and medium
CN111563254B (en) * 2020-05-07 2024-05-07 中国工商银行股份有限公司 Threat risk processing method and apparatus for product, computer system, and medium
CN111914408A (en) * 2020-07-15 2020-11-10 中国民航信息网络股份有限公司 Threat modeling-oriented information processing method and system and electronic equipment
CN111914408B (en) * 2020-07-15 2024-03-08 中国民航信息网络股份有限公司 Threat modeling-oriented information processing method and system and electronic equipment
CN113885837A (en) * 2021-09-28 2022-01-04 深圳开源互联网安全技术有限公司 Method and device for establishing threat modeling requirement
CN116737111A (en) * 2023-08-14 2023-09-12 深圳海云安网络安全技术有限公司 Safety demand analysis method based on scenerization
CN116737111B (en) * 2023-08-14 2023-10-13 深圳海云安网络安全技术有限公司 Safety demand analysis method based on scenerization

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190426
