A Knowledge Based Threat Analysis in Trustworthy Software Engineering
In recent years, the security of software becomes one significant feature of software. This paper improves trustworthy software engineering through a knowledge based expert system. We propose the knowledge collection and organization method, and threats analyzing algorithm in detail which are the kernel of the expert system. The software threat information is divided into threat state and exploit, and stored in the knowledge database together with the state production and exploit production representing the relationships between threat state and exploit. The threat analysis calculates the threat degree quantitatively of an application based on this knowledge in a formal way and give security advice to mitigate threats. Our method can reduce the work of an experienced security expert which is time consuming and economic costly, therefore popularizes the trustworthy software engineering.
Trustworthy software Software security Threat modeling Expert System
Xiaohong Li Fengxu Liu Zhiyong Feng Jinliang Xing
Computer Science and Technology, Tianjin University,Tianjin, 300000,China
国际会议
合肥
英文
3177-3180
2011-09-23(万方平台首次上网日期,不代表论文的发表时间)