
The Design And Implementation Of Security Requirement Tool Based On Attack Patterns

Posted on: 2009-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: J Ma
Full Text: PDF
GTID: 2178360272486746
Subject: Computer application technology
Abstract/Summary:
With the development of the Internet, software security has become a focus of attention. How to consider security during the development process and produce secure software has become a hot topic in software engineering. By studying bug detection during the software requirements phase, this paper presents a model for detecting bugs based on attack patterns and abuse cases, and develops a corresponding tool. The tool can detect bugs during software requirements and gives mitigations.

By distinguishing between functional and security requirements, this paper gives a method for deriving security requirements from attack patterns and models it formally. Based on the formalization of attack patterns in Z notation, we decompose the use cases in the use case diagram to obtain their detailed information, and then describe how to derive security requirements from attack patterns using Z notation and Petri nets. In addition, we build an abuse case base from attributes extracted from attack patterns.

Based on the above model, this paper designs and implements a platform for security requirements, composed of a use case scanning tool and a library. The library is modeled in XML, and the scanning tool scans the use case diagram and obtains the relations among the use cases. After scanning, it reports the abuse cases found by comparing each use case's name and execution steps against the library, and then gives the mitigation according to the attack pattern. We also provide an Eclipse help plug-in that helps developers learn the platform and search for the information they need.

To sum up, the model and tool help developers a lot. They decrease the time and cost of development and improve the security of software.
Keywords/Search Tags:Software Security, Formalization, Z notation, Petri Net, Misuse/Abuse Case, Attack Pattern