CN102799816A - Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) - Google Patents
Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) Download PDFInfo
- Publication number
- CN102799816A CN102799816A CN2012102236772A CN201210223677A CN102799816A CN 102799816 A CN102799816 A CN 102799816A CN 2012102236772 A CN2012102236772 A CN 2012102236772A CN 201210223677 A CN201210223677 A CN 201210223677A CN 102799816 A CN102799816 A CN 102799816A
- Authority
- CN
- China
- Prior art keywords
- security function
- security
- software
- function assembly
- standard
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation), which is used for implementing recommendation and adjustment of a safety function component based on the CC at the demand analysis stage of software engineering. The method comprises the following steps of: performing abstract analysis and induction on description of threatening information in estimation documents in various fields based on a CC system, thus establishing a threat knowledge base; recommending a corresponding safety function component set for each threat knowledge in the threat knowledge base, and establishing a corresponding relationship between each threat knowledge and safety function components based on standard semantics; and establishing a safety function component cost evaluation table according to each safety function component type, and adjusting the components according to the content of the table. Compared with the prior art, the software safety function component management method points out the safety function component recommending and adjusting method based on the CC at the software requirement analysis stage, so that the software safety problem is considered at the initial stage of the development of a software system, the possibility of a security hole is reduced, and the software safety is improved.
Description
Technical field
The present invention relates to technical field of software security; Particularly relate in the Trusted Computing field based on the security function assembly of CC standard and recommending and method of adjustment.
Background technology
Along with Internet fast development and computer utility are popularized, people are increasingly high to the credible demand of IT product, and meanwhile, the safety problem of software also becomes increasingly conspicuous with complicated.How to guarantee that the security of application software has become the focus of people's common concern, the past, concentrate in the implementation procedure of software for the research majority of software security, great majority are the leak in patch system or the application software.Yet; The software security problem is not well solved; Data presentation according to statistics; The software security problem of significant proportion appears at the software requirement analysis stage, and the cost that in field of software development, more early solves safety problem and spent also will be more little, so safety problem is risen to way that the software development initial stage considers by extensively approval.
Industry has approved generally whether requirement engineering successfully plays conclusive effect for the exploitation of large software project at present.But the foundation of software security demand and security mechanism is mentioned simply in most of demand analysis documents, does not carry out concrete analysis; Can carry out the demand for security analysis though have in addition in the part requirement documents, demand for security analytic process and functional requirement do not connect yet, and this will cause the final protection that realizes of demand for security to be performed practically no function.The existence of these problems has embodied in the software development process to the despising of the demand analysis of safety, so need the concrete demand for security analytical approach of system to help the clear and definite demand for security of people.
Obtained many useful progress in software security demand analysis field in recent years, research mainly concentrates on software security requirement engineering method flow and the demand for security extraction technique.Wherein, The research of software security requirement engineering method flow mutually combines with the demand for security extraction technique; Flow and method is based on software security appellative function framework, and extraction technique belongs to the realization technology, and various demand extraction techniques are used in different flow and methods.At present, become a kind of trend and common recognition gradually in CC standard (the Information Technology Security Evaluation Common Criteria The Common Criteria for Information Technology Security Evaluation) demand for security of giving a definition.The criterion and the standard of existing information safety before it combines have formed more comprehensively standard card cage.The CC standard has been widely used in the exploitation of software product as international safety assessment standard, and the fail-safe software that goes out in conjunction with the CC standard development has received user's trust.Because abundant the security knowledge empirical content and its authority of CC standard, the security function assembly of choosing accurately in the CC standard comes analysis software security function demand significant, and this also is the good method that solves the security function needs of problems.
Yet utilize CC to carry out existing in the process of software security demand analysis such problem at present: whole process need security expert's participation; Choose in the process in security function, depend on expert's experience on largely, do not have the standard that can quantize; The order of accuarcy that assembly is chosen will influence the analysis of demand; Therefore caused domestic consumer to be difficult to use, and the quality that assembly is chosen is determined to have certain subjective deviation by expert level.
Summary of the invention
Problem based on above-mentioned prior art existence; The present invention proposes a kind of security function assembly management method based on the CC standard; Demand for security analytical approach through utilize CC standard and grade to drive in the demand analysis stage of fail-safe software engineering is carried out choosing and adjusting of security function assembly based on recommendation degree index; To carry out the demand for security analysis more accurately, reduce the security breaches at software development initial stage.
The present invention proposes a kind of software security functional module management method,,, realize the recommendation and the adjustment of security function assembly, it is characterized in that this method may further comprise the steps based on the CC standard in the demand analysis stage of soft project based on the CC standard:
Step 1, will based in the assessment document in each field under the CC standards system to the description of threat information abstract analysis and concluding in addition, set up and threaten knowledge base;
Step 2 is recommended corresponding security function assembly set for threatening each the threat knowledge in the knowledge base in the step 1, sets up based on the threat knowledge of standard semanteme and the corresponding relation between the security function assembly; Recommend tentatively to recommend the security function assembly and the security function assembly is further screened according to the recommendation degree according to being divided into according to safe class; Wherein, Safe class is the standardized definition of a cover of the relevant safe class of input in advance; In this definition, set up simultaneously and the CC standard in corresponding relation between the security function assembly that provides, the recommendation degree is that a rank is to using the degree of support of certain security function assembly;
Step 3, set up security function assembly cost evaluation form to each security function component class, carry out the assembly adjustment according to the content of table; Evaluating basis in the cost evaluation form is realized the cost evaluation of the technology of using about the security function assembly.
Said description to threat information is the step of abstract analysis in addition, according to the precondition, the generation field that threaten, cause severity of consequence to take out 22 threat.
Said security function assembly add up to 251, threatening the corresponding relation of knowledge and security function assembly is many-one relationship.
Saidly tentatively recommend the security function assembly and according to the recommendation degree security function assembly is further screened according to safe class, this step is screened according to threshold value, comprises following processing:
In existing ST document, find similar document, then elect this document as main reference documents based on the CC standard; If there is not a similar document, according to the similarity of the systematic name of the name character string of speech string similarity formula computing system and existing ST document, choose wherein maximum one or several as main with reference to the ST document;
Set the weights α of main reference documents, then the reference weights of all the other documents are β=1-α, and promptly the reference weights Vm of main reference documents is 0 or 1, and the reference value Vo of other documents is drawn by statistics, then final reference weights V=α * Vm+ β * Vo;
Set the screening threshold gamma, when V selects this security function assembly during more than or equal to γ, otherwise reject;
Wherein α, β are the experience weighted value, and γ is an empirical value.
Said in existing ST document, find the step of similar document based on the CC standard before, also comprise classifying or set up the step of body to ST.
Compared with prior art; The present invention is starting point with the software security; At the initial stage of SDLC is that demand analysis stage has proposed to recommend and method of adjustment based on the security function assembly of CC standard; Consider software security function problem to reach, reduce the possibility that security breaches occur, improve the security of software at the initial stage of software system development.This method expection reaches following beneficial effect:
1, solves demand for security analysis initial stage user and lacked the security measurement index; Do not have when especially security function being analyzed can reference quantizating index; What cause is not enough to the demand for security attention degree, can't get rid of potential safety hazard in demand stage, finds the problem of leak as early as possible.
2, the demand for security analytical approach that the CC standard is provided is improved; Developer and user that feasible great majority do not have professional system safety analysis knowledge can both be convenient to use the CC standard system is carried out safety evaluation; Reduced degree of dependence, made the CC international standard to be used widely professional knowledge.
3, threatening knowledge base is the important component part of credible demanding criteria system, for the research of credible demand analysis is laid a good foundation.
4, realized semi-automatic, the security function assembly is chosen comparatively accurately, analyzes significant to demand for security.
Description of drawings
Fig. 1 chooses schematic flow sheet for the security function assembly.
Embodiment
Below in conjunction with accompanying drawing and preferred embodiment,, specify as follows according to embodiment provided by the invention, structure, characteristic and effect thereof.
Below in conjunction with accompanying drawing realization of the coding among the present invention and verification the verifying results are detailed.
It is as shown in Figure 1 that security function assembly of the present invention is chosen flow process; Comprise three processes; At first be the foundation of security threat knowledge base; Comprise that threat information is abstract and set up the recommendation relation between threat and the assembly, can be used as experimental knowledge after this process is accomplished and in concrete each specifically exploitation, use.Be in some specific system of being directed against then, the user has under the situation of safe class requirement, according to grade recommendation degree, on the assembly basis that first process is recommended, further recommends the security function assembly of being correlated with.Last in order to satisfy user or investor recommend to adjust selected assembly to the user to the specific requirement of the security of real system scheme; Consider concrete technology and security strategy by the demand for security analyst again, finally selected security function component description is become safe summary standard.Following mask body is introduced this three processes:
1, first process is the foundation that threatens knowledge base, and this process comprises following two concrete steps:
1) threatens knowledge abstraction
Threaten the abstract method of knowledge to be to use in the assessment document in each field under the CC standards system (comprising protection profile document PP, Security Target document ST) in addition abstract summary of the description of threat information; Analyze threat information precondition, cause many-sided factor such as result; Conclude, set up the threat information knowledge base.
2) foundation of threat knowledge and security function assembly corresponding relation
Through to the summary of the threat information that takes out with to the description of security component and the understanding of applicable elements, be that each that taken out in the last step threatens knowledge to propose the corresponding security function assembly set of recommending.
This process only need be carried out once in the process that whole demand for security is analyzed; After threatening knowledge and security function assembly corresponding relation to improve; Can be used as experimental knowledge uses; Can regularly the impend renewal of knowledge or replenish, and needn't in demand for security analytic process each time, all carry out.Through analysis to the safety assessment document accomplished, set up the mapping relations between rank and the security function assembly, wherein introduce the notion of recommendations degree, these knowledge can reduce the difficulty of analysis security function demand effectively.
2, second process is the recommended flowsheet of concrete security function assembly:
1) tentatively recommends the security function assembly according to safe class
Safe class is set up the standardized definition of a cover, and set up the corresponding relation between the security function assembly that provides in they and the CC standard.According to the pairing security function assembly of safe class (safe class is used as input in the method, the division of concrete grade, and the analytical approach that grade drives solves by related work, is not the discussion scope of this patent).
2) according to the recommendation degree security function assembly is further screened
To the analysis that demand for security is done, result's quality depends on the order of accuarcy of grade recommendation component table to a great extent.The use rank of some security function assemblies can not be confirmed under some situation in real system; It is strict fixing that but the method for grade and assembly mapping makes corresponding between grade and the assembly, has caused decline and the loss of dirigibility of the accuracy of demand for security analysis.
In order to address this problem, improve the accuracy and the rationality of demand for security grade recommend method, continue to improve mapping mechanism, can introduce the notion of recommendation degree.Recommend kilsyth basalt to levy a rank, introduce the recommendation degree and can make the more choose reasonable of adding in the process of selecting assembly using the degree of support of certain security function assembly.
3. the 3rd process is the adjustment of security function assembly:
Because above method has versatility; The security function assembly of being recommended might not satisfy user or investor to the security of real system or the specific requirement of funds aspect; For accuracy and the dirigibility that increases system, need adjust the right of selected assembly to the user.For the decision maker provides the enforcement cost value of each security function assembly and possible realization technical difficulty, effectively aid decision making person makes better judgement and adjustment, more reasonably divides the resource that is used in the fail-safe software engineering.Set up security function assembly cost evaluation form to each security function class, the user can carry out the assembly adjustment according to the content of table.
Below for the specific embodiment of technical scheme of the present invention:
One, threatens the abstract of knowledge
With reference to the threat knowledge in the assessment document in each field under the CC standards system (comprising protection profile document PP, Security Target document ST), according to the precondition, the generation field that threaten, cause severity of consequence, tentatively take out 22 threat.See attached list 1.
The abstract summary of table 1 threat information
Two, set up threat and security function assembly corresponding relation
The security function assembly add up to 251, therefore threatening the corresponding relation with the security function assembly is one-to-many.Shown in the following subordinate list 2, represented the corresponding relation of grade and 11 security function classes.The threat that possibly occur according to this grade can select corresponding security function assembly.
Table 2 threatens and security function class mapping table
Then, introduce second process in the technical scheme:
Grade and the security function assembly corresponding relation the requirement and the related work of grade accomplished according to the user.Can select the security function assembly under a certain grade, be strict fixing but the method for grade and assembly mapping makes corresponding between grade and the assembly, caused decline and the loss of dirigibility of the accuracy of demand for security analysis.The notion of introducing the recommendation degree improves the accuracy and the rationality of demand for security grade recommend method.Recommend kilsyth basalt levied a rank to the degree of support of using certain security function assembly shown in subordinate list 3:
Table 3 grade-security function assembly recommendation degree
Level?1 | Level?2 | Level?3 | Level?4 | |
FPT_RCV.1 | 0.5 | 1 | 1 | 1 |
FPT_ITA.1 | 0 | 0.75 | 1 | 1 |
Numerical value in the table is to adopt the way of probability statistics to calculate, statistics to as if the ST document (comprising part PP document) that provides of CC ANSI.For example the expression of 0.75 in table assembly appears among the PP or ST document that 4 demand levels can be divided into Level 2, wherein has 3 to adopt this assembly, and 1 is not used this assembly, statistical probability to 0.75.Adopt probabilistic method to be based on the simplicity of probabilistic method and computation model that assembly is chosen and be difficult to set up these 2 considerations.
Statistical method has obtained the recommendation degree, needs filtering algorithm to decide to meet which type of demand for security assembly to be selected, and the basic thought of filtering algorithm is that it is following to describe principles illustrated according to the threshold value screening:
If 1 system leaved for development can find similar document in existing ST document, then elect this document as main reference documents; Otherwise, according to the similarity of the systematic name of the name character string of speech string similarity formula computing system and existing ST document, choose wherein maximum one (perhaps several) as main with reference to the ST document;
2, set the weights α of main reference documents, then the reference weights of all the other documents are β=1-α.In general think that the suggestion that main reference documents provide more has reference value, the recommendation to assembly in the main reference documents is confirmed, is equivalent to have only 0 and 1 value, and promptly main reference documents value Vm is 0 or 1.The reference value Vo of other documents is drawn by statistics.Then final reference weights V=α * Vm+ β * Vo;
3, set the screening threshold gamma.When V selects this security function assembly during more than or equal to γ, otherwise reject.
Wherein α, β are the experience weighted value, and γ is an empirical value.If can be to the classifying or set up body of ST in the algorithm, resulting accuracy can also obtain continuing to improve.
Three, last, introduce the 3rd process in the technical scheme
Subordinate list 4 security function assembly cost evaluation forms
Numerical value in the table and demand for security grade also are the measured values of order yardstick seemingly, have characterized safe relative extent.Reason is that the security function assembly is to be in demand layer, is more abstract, and cost and being not easy is judged and is difficult to quantize intuitively.Therefore the cost of wanting determination component to implement must be understood what technology that in concrete realization, adopted, and uses such technology can bring great extra cost.The innovation of security implementation technology will change the enforcement cost of security function assembly.
In actual use, if the user is exactly the cost that the enforcement of security function assembly possibly need to the foundation that grade drives the results of screening adjustment.For example demand for security grade is Level 2 system does not choose the FIA_UAU.4 assembly through screening; But this assembly " requires authentication scheme to use disposable authentication data "; But partial function relates to financial transaction in the system; Be fit to adopt the method protection password authentification process of randomization keyboard, can increase this assembly according to actual needs.For example the FIA_UAU.5 assembly has been selected, this assembly " requirement provides and uses different authentication schemes, is the identity that specific incident is differentiated the user " after through the assembly screening by demand for security grade system that is Level 3 again.Because complicacy that different authentication schemes have caused using and potential technical difficulty, user or investor have relatively high expectations to a kind of verification technique wherein again simultaneously, can delete this demand for security functional module according to actual conditions.
Below with Security Target for Cisco IOS/IPSEC assessed be Cisco System Co. realization the internet operating system of router of ipsec protocol function be that the example explanation is recommended and method of adjustment based on the security function assembly of CC standard.IPSec is the framed structure of a kind of open standard of ITFE exploitation, through using the communication of security service safety to guarantee on Internet agreement (IP agreement) network, to maintain secrecy of encrypting.IPSec can be in the security of IP layer protected data; The principle of work of IPSec is: when the IP packet passes through un-trusted network; Router will be encrypted packet; And adding extra label at the ciphered data packet header, this label can be considered to the tunnel label of IPSec.The IPSec IP bag that just can need protection passes through unknown network like this.Another main points of ipsec protocol are netkey exchanges; Because when using ipsec protocol; Unreliable network by prior mark; Adjacent with it router all has certificate and supports ipsec protocol to prove them, through assert identity between this certificate route and carrying out key change.
Security function assembly according to based on the CC standard is recommended and the method for adjustment flow process; At first according to the scheme of testing; The threat of selecting to analyze among this ST of Security Target for Cisco IOS/IPSEC threatens as input, and the threat among this ST has only two as follows:
T.Attack: the assailant obtains System Privileges and revises the configuration of system;
T.Untrusted-Path: the assailant possibly reveal, revise or insert the attack of packet through incredible network to the data stream of route.
Need do pre-service to the threat among this ST here, threat name and the definition that does not meet in the threat knowledge base described in the threat that goes out that reason is among the ST and is analyzed.Handle the back and threaten quilt fractionation and combination as follows:
T.Information Leakage: data packets in data flows is revealed;
T.Replay: Replay Attack, promptly the assailant utilizes internuncial attack means to monitor or revise data stream;
T.UnauthorizedAccess: the assailant obtains System Privileges and revises the configuration of system.
T.Unauthorized Data Change: data are distorted or inserted to data packets in data flows.
Then according to above the corresponding relation of adjusted threat and threat and security function assembly, with the threat input system can be preliminary select the security function assembly set.
Select the demand for security grade then, if the description of grade is familiar with arriving the specific descriptions that grade knowledge displayed page is checked grade inadequately.In this experiment,,, select Level 3 as the demand for security grade of selecting from the angle of demand for security according to the environment for use of ipsec router.
And then according to these security function assemblies and given grade Level 3, and set each parameter value in the filtering algorithm, thus the security component that can obtain recommending is out gathered subordinate list 5.
The security function assembly set that subordinate list 5 instance middle grades are recommended
Numbering | Assembly | Numbering | Assembly |
1 | FCS_CKM.1 | 10 | FIA_UAU.4 |
2 | FCS_CKM.2 | 11 | FIA_UAU.5 |
3 | FCS_COP.1 | 12 | FIA_UAU.6 |
4 | FTP_ITC.1 | 13 | FIA_UAU.7 |
5 | FCO_NRO.2 | 14 | FCS_CKM.4 |
6 | FDP_UIT.1 | 15 | FDP_UCT.1 |
7 | FIA_UID.2 | 16 | FDP_IFC.1 |
8 | FIA_UAU.2 | 17 | FDP_IFF.1 |
9 | FIA_SOS.1 | 18 | FPT_TST.1 |
Claims (5)
1. the software security functional module management method based on the CC standard in the demand analysis stage of soft project, based on the CC standard, realizes the recommendation and the adjustment of security function assembly, it is characterized in that this method may further comprise the steps:
Step 1, will based in the assessment document in each field under the CC standards system to the description of threat information abstract analysis and concluding in addition, set up and threaten knowledge base;
Step 2 is recommended corresponding security function assembly set for threatening each the threat knowledge in the knowledge base in the step 1, sets up based on the threat knowledge of standard semanteme and the corresponding relation between the security function assembly; Recommend tentatively to recommend the security function assembly and the security function assembly is further screened according to the recommendation degree according to being divided into according to safe class; Wherein, Safe class is the standardized definition of a cover of the relevant safe class of input in advance; In this definition, set up simultaneously and the CC standard in corresponding relation between the security function assembly that provides, the recommendation degree is that a rank is to using the degree of support of certain security function assembly;
Step 3, set up security function assembly cost evaluation form to each security function component class, carry out the assembly adjustment according to the content of this table; Evaluating basis in the cost evaluation form is realized the cost evaluation of the technology of using about the security function assembly.
2. the software security functional module management method based on the CC standard as claimed in claim 1; It is characterized in that; Said description to threat information is the step of abstract analysis in addition, according to the precondition, the generation field that threaten, cause severity of consequence to take out 22 threat.
3. the software security functional module management method based on the CC standard as claimed in claim 1 is characterized in that, said security function assembly add up to 251, threatening the corresponding relation of knowledge and security function assembly is many-one relationship.
4. the software security functional module management method based on the CC standard as claimed in claim 1; It is characterized in that; Saidly tentatively recommend the security function assembly and according to the recommendation degree security function assembly is further screened according to safe class, this step is screened according to threshold value, comprises following processing:
In existing ST document, find similar document, then elect this document as main reference documents based on the CC standard; If there is not a similar document, according to the similarity of the systematic name of the name character string of speech string similarity formula computing system and existing ST document, choose wherein maximum one or several as main with reference to the ST document;
Set the weights α of main reference documents, then the reference weights of all the other documents are β=1-α, and promptly the reference weights Vm of main reference documents is 0 or 1, and the reference value Vo of other documents is drawn by statistics, then final reference weights V=α * Vm+ β * Vo;
Set the screening threshold gamma, when V selects this security function assembly during more than or equal to γ, otherwise reject;
Wherein α, β are the experience weighted value, and γ is an empirical value.
5. the software security functional module management method based on the CC standard as claimed in claim 4; It is characterized in that; Said in existing ST document, find the step of similar document based on the CC standard before, also comprise classifying or set up the step of body to ST.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012102236772A CN102799816A (en) | 2012-06-29 | 2012-06-29 | Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012102236772A CN102799816A (en) | 2012-06-29 | 2012-06-29 | Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102799816A true CN102799816A (en) | 2012-11-28 |
Family
ID=47198922
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012102236772A Pending CN102799816A (en) | 2012-06-29 | 2012-06-29 | Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102799816A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104850794A (en) * | 2015-05-28 | 2015-08-19 | 天津大学 | Software security level refining method based on uncertainty measurement theory and rough set |
CN104881606A (en) * | 2015-04-30 | 2015-09-02 | 天津大学 | Formalized modeling based software security requirement acquisition method |
CN107133521A (en) * | 2017-05-12 | 2017-09-05 | 天津大学 | Demand for security template construction method based on demand for security meta-model |
CN110457009A (en) * | 2019-07-06 | 2019-11-15 | 天津大学 | The implementation method of software security demand recommended models based on data analysis |
CN110750712A (en) * | 2019-09-10 | 2020-02-04 | 天津大学 | Software security requirement recommendation method based on data driving |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030004754A1 (en) * | 2001-04-06 | 2003-01-02 | Corbett Technologies, Inc. | Hipaa compliance systems and methods |
CN102236758A (en) * | 2011-07-26 | 2011-11-09 | 天津大学 | Security repository-based security requirement acquisition method |
CN102289619A (en) * | 2011-07-26 | 2011-12-21 | 天津大学 | Level-driving security demand analysis method |
-
2012
- 2012-06-29 CN CN2012102236772A patent/CN102799816A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030004754A1 (en) * | 2001-04-06 | 2003-01-02 | Corbett Technologies, Inc. | Hipaa compliance systems and methods |
CN102236758A (en) * | 2011-07-26 | 2011-11-09 | 天津大学 | Security repository-based security requirement acquisition method |
CN102289619A (en) * | 2011-07-26 | 2011-12-21 | 天津大学 | Level-driving security demand analysis method |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104881606A (en) * | 2015-04-30 | 2015-09-02 | 天津大学 | Formalized modeling based software security requirement acquisition method |
CN104881606B (en) * | 2015-04-30 | 2017-12-26 | 天津大学 | Software security requirement acquisition method based on Formal Modeling |
CN104850794A (en) * | 2015-05-28 | 2015-08-19 | 天津大学 | Software security level refining method based on uncertainty measurement theory and rough set |
CN107133521A (en) * | 2017-05-12 | 2017-09-05 | 天津大学 | Demand for security template construction method based on demand for security meta-model |
CN110457009A (en) * | 2019-07-06 | 2019-11-15 | 天津大学 | The implementation method of software security demand recommended models based on data analysis |
CN110750712A (en) * | 2019-09-10 | 2020-02-04 | 天津大学 | Software security requirement recommendation method based on data driving |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Jøsang et al. | Security usability principles for vulnerability analysis and risk assessment | |
US20140310151A1 (en) | Management of a line of credit or finance-related offer | |
EP2515496A1 (en) | System and method for generating trust among data network users | |
US20090125980A1 (en) | Network rating | |
CN102799816A (en) | Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation) | |
US20170230366A1 (en) | Method and device for verifying a trusted terminal | |
Seigneur | Trust, security and privacy in global computing | |
US20190281086A1 (en) | Auto-generated Synthetic Identities for Simulating Population Dynamics to Detect Fraudulent Activity | |
CN102333096A (en) | Creditworthiness control method and system for anonymous communication system | |
US11765153B2 (en) | Wireless LAN (WLAN) public identity federation trust architecture | |
CN102236758A (en) | Security repository-based security requirement acquisition method | |
Mbowe et al. | A conceptual framework for threat assessment based on organization’s information security policy | |
EP3361704A1 (en) | User data sharing method and device | |
CN114117264A (en) | Illegal website identification method, device, equipment and storage medium based on block chain | |
WO2016048129A2 (en) | A system and method for authenticating a user based on user behaviour and environmental factors | |
CN107948149B (en) | Random forest based strategy self-learning and optimizing method and device | |
CN105490987A (en) | Network integration identity authentication method | |
Liu et al. | A trusted access method in software-defined network | |
Flegel | Privacy-respecting intrusion detection | |
Waziri et al. | A Secure Maturity Model for Protecting e-Government Services: A Case of Tanzania | |
CN109873836A (en) | A kind of methods of risk assessment and device of data | |
Huang et al. | A hybrid decision approach to detect profile injection attacks in collaborative recommender systems | |
CN110955908A (en) | Early warning evaluation method and system for confidential files and intelligent terminal | |
De et al. | Trusted cloud-and femtocell-based biometric authentication for mobile networks | |
Guan et al. | Stride–based risk assessment for web application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20121128 |