摘要
为了构建更加安全的软件,搭建软件开发人员和安全专家之间的桥梁,软件安全关注点的建模受到越来越多的关注。针对攻击树和Petri网各自的建模优势,提出基于攻击树的Petri网模型,旨在对软件安全关注点中的安全威胁进行建模,并利用面向方面Petri网对模型进行缓解和分析,为软件开发人员提供简单直观且便于自动化分析的模型。
In order to establish a more secure software and build the bridge between software developers and security experts, the research on software security concerns modeling is becoming more and more impoitant. According to advantages of attack tree and of Petri nets separately, proposes the software security concerns modeling approach based on Petri net and attack tree, aims at modeling the security threat of software security concerns,and by using aspect-oriented petri nets to mitigate and analyse the model, provides a simple and intuitive modeling for software developers.