Security pattern based software security ontology model and inference
  • English title: Security pattern based software security ontology model and inference
  • Authors: GUAN Hui (关慧); JIN Zi-yi (金梓奕); LI Yang (李杨)
  • Affiliation: Department of Computer Science and Technology, Shenyang University of Chemical Technology
  • Keywords: security ontology; security requirement; security pattern; semantic; inference rules
  • Journal code: SJSJ
  • Journal: Computer Engineering and Design
  • Publication date: 2018-05-16
  • Publisher: Computer Engineering and Design
  • Year: 2018
  • Issue: v.39; No.377
  • Funding: Natural Science Foundation of Liaoning Province (201602583)
  • Language: Chinese
  • Page: SJSJ201805013
  • Number of pages: 7
  • CN: 05
  • ISSN: 11-1775/TP
  • Classification number: 84-90
Abstract
To bridge the semantic gap among security requirements, application environment and system implementation in software systems, and to guide users to the right security solution in a specific application environment, a security ontology is proposed for software security patterns, which are the security solutions at the software architecture and design phases. Security requirements, security patterns and application environments are modeled semantically, inference rules are defined on that basis, and a security pattern query system is implemented with the Jena inference engine. Examples verify the effectiveness of the system, which gives software developers who lack security knowledge a convenient semantics-based query service for security knowledge.
