A Level-Driven Security Requirements Analysis Method Based on the CC Standard
Abstract
With the rapid development of the Internet and the spread of computer applications, demand for trustworthy IT products keeps growing, and software security has become especially important. However, most research on software security concentrates on the implementation phase, so security problems in the requirements phase have long been neglected. Statistics show that a considerable proportion of software security problems originate in the requirements phase, and in software development the earlier a security problem is resolved, the lower the cost of fixing it.
The CC standard provides guidance and help for addressing problems in the software security requirements phase, and analysing security requirements on the basis of the CC standard has gradually become a research consensus; however, the security requirements analysis method proposed by the standard depends too heavily on expert knowledge. This thesis therefore proposes a security-requirement-level-driven method for selecting CC security functional components. It introduces the concept of security requirement levels, provides a method for dividing levels and a mechanism for filtering security functional components, and establishes a complete engineering method for security requirements analysis that can recommend components to different degrees for systems with different security needs, with the ultimate goals of lowering the barrier to using the CC standard and partially automating the security process. The thesis also uses a real case to explain each activity of the level-driven security requirements analysis method in detail, and verifies the effectiveness of the level-driven method by comparing its output with the results of an actual security requirements analysis.
The work builds the basic framework for level-driven security requirements analysis, providing strong support for software security requirements analysis based on international standards, and lays a research foundation for future work.
With the rapid development of the Internet and the popularization of computer applications, software security is becoming more and more important. However, most software security research is concentrated on the coding phase of software, and security problems in the requirements phase have been neglected for a long time. Recent statistics show that a considerable proportion of security problems are introduced in the requirements phase, and it is generally agreed that in software development the earlier a problem is solved, the less it costs.
The Common Criteria (CC) provide guidance and help in solving problems in the software security requirements phase. However, the security requirements analysis method provided by the Common Criteria is highly dependent on expert knowledge. This paper proposes a level-driven security requirements analysis method based on the Common Criteria to meet the different security needs of different systems. It introduces security requirement levels and the mechanism for dividing them, and then describes the whole security requirements analysis process in detail. The method eases the analysis process and lowers the threshold for using the Common Criteria. To validate the method, we built a tool that implements it. Finally, by comparing against an actual security requirements analysis, we show the correctness of the method and analyse the remaining problems.
The paper presents the theory of the level-driven requirements analysis method based on the CC standard and its engineering framework, which supports software security requirements analysis based on international standards; it also provides a theoretical basis for future work.