The Design And Implementation Of Tool For Eliciting Software Security Requirement Based On Security Requirement Template

With the rapid development and deepen application of information technology in many society field,software security issues become increasingly worse.Secure software development has become the point of every trades.The study found that it is critical for early detection of security risks that eliciting security requirements in the requirement stage of software life cycle.This can ensure software security while reducing development and maintenance costs.However,the problem of lacking security requirements engineering methods and tools in software requirement engineering is still exists.Based on the standard ISO/IEC 15408(CC standard),this paper proposes a method for eliciting software security requirement based on secure requirement template.This paper uses meta-model theory,hypergraph model theory,security functional components verification techniques and methods to build security requirements eliciting method and develop supporting platforms.In constructing secure requirements template aspect,first,the security requirements meta-model is constructed based on the concepts involved in security requirements and meta-model theory.Second,a hypergraph model is constructed based on the security requirements meta-model and relationships between security functional components provided by the CC.And then the relationships between hyperedges are mined and got the reclassified component classes.Based on these reclassified component classes,some secure requirement templates are constructed.In constructing security requirements knowledge base aspect,according to the CC and IEEE STD 830-1998,this paper build an integrated security requirement knowledge base.Finally,according to the security requirement engineering theory and related technology,a method for eliciting software security requirements is proposed based on secure requirement templates and security requirement meta-model.A tool for eliciting software security requirements is developed based on this method.This paper introduces meta-model,hypergraph model and security functional components verification techniques into software security requirements engineering,which describes clearly the relationship between concepts involved in security requirement.We also solved the "co-means" the problem caused by natural language description of security functional components.This work also increased the availability of ISO/IEC 15408 in security requirements engineering and effectively balanced the contradiction between security and software development costs.In addition,this work effectively improved software quality and safety.