Approach to Object Oriented Threat Modeling.pdf
Vol.37 No.4 Computer Engineering February 2011
·· 2011 A TP309
Approach to Object Oriented Threat Modeling
HE Ke, LI Xiao-hong, FENG Zhi-yong
(School of Computer Science and Technology, Tianjin University, Tianjin 300072, China)
Abstract: To improve the trustworthiness of software design, this paper presents an object-oriented threat modeling approach. This approach captures
not only threats existing in data flow, but also threats existing in control flow. To evaluate threats precisely, this approach adopts an attack-path-based
evaluation method in terms of cost-effectiveness. According to the evaluation results, mitigation measures are designed and prioritized. Applying the
mitigation measures to the design of software can effectively mitigate threats and enhance the security of applications. An object-oriented threat
modeling tool is implemented. A case study is given to demonstrate the approach.
Key words: threat modeling; software security; object oriented
DOI: 10.3969/j.issn.1000-3428.2011.04.008