The Research On Software Security Concerns Modeling Method

With the vigorous development of the informatization construction,the software provide convenient and efficient service for people,at the same time,the security problems which are caused by the software vulnerability,defect and so on also makes the enterprise or user suffer a certain damage.Therefore,software security become the important premise that guarantee people’s life and work proceed normally.The thought of the software security refers to the software in the case of malicious attacks can still run correctly.In the early stages of software development attaches great importance to the security,which can minimize the threats and attacks and ensure the protection of the software itself.However,software developers and security experts are lack of in-depth understanding of each other domain knowledge,makes the realization of the software security is all the more difficult.Therefore,in urgent need of effective way to build a bridge between software developers and security experts.Based on the above research present situation,from the perspective of the attacker and the security experts,sums up the security concerns which the software developers need to,provides security concerns modeling and analysis method,mainly do the following:By reading literature and security standards which are related to security concerns and using the security repository,software security concerns classification scheme is put forward,which extracts concerns affecting the security of software.Aimed at the software developers have a comprehensive and macro understanding.to security concernsWith the aid of the advantage of attack tree that can be intuitive to the decomposition,observation and identification of the threat,using attack tree modeling threat of classification schemes,and combined with the ability of formal analysis and verification of Petri net,attack tree is converted to a Petri net.According to the crosscutting properties of security concerns itself,using aspect oriented Petri net to build security mitigation model.Providing a comprehensive guide for software developers and analyzing the security relationship between security concerns.Through analyzing shopping cart system to get the security concerns which is contained in the system,and using the above method to model threat of system and giving the security mitigation model,verifying the feasibility of the proposed method and practical value.