Security Requirement Analytical Method Combining Cc Standard Based On An Extension Of Activity Diagram

With the continuous development of computer software application, the demand on the safety and reliability of software is higher and higher by people, how to ensure the safety of the software in the development process becomes a very important issue that software engineering must overcome. This paper considers the security factors during requirement analysis phase, studies the security requirement analysis method and tool based on the UML activity diagram.This paper proposes a kind of security requirement analytical method combining CC standard based on an extension of activity diagram. Takes the activity diagrams of the project as analysis sources, elicits the object nodes from activity diagrams to get assets information; analyzes the action nodes to obtain the threat information that focus on these assets; for combating against these threats, get security objectives combining CC standard security functions class, and gradually thinning for safety requirements. Finally, imports the security information into a custom template to get the security requirement documents. In addition, this paper defines security activity diagram meta-modes through an extension of the activity diagram models. This makes the security information involved in the activity diagram graphically for developers to view and analysis, in order to guide the subsequent development software.In order to carry out the security requirements analysis method being proposed, this paper designed and realized a security requirements analysis tools, and demonstrate the availability and practicability of this method through a case.The proposition of the security requirement analysis method and the realization of the security requirements analysis tool can help the analyst to extract security demand effectively. The security requirement document and security activity diagrams generated can be used as a safety guiding principles for subsequent development. As part of the security software development environment, this work has played a very important role for constructing safety reliable software.