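Title | A Study on Improving System Security through a Software Security Requirement Quality Improvement Procedure (軟體安全需求品質改善程序提升系統安全性之研究) |
---|---|
Author | 賴森堂 |
Journal | 電腦稽核 (Computer Audit) |
Volume/Issue | 30, 2014.07 [ROC year 103.07] |
Pages | pp. 41-53 |
Special issue | Information and Communication Security Governance and Digital Forensics |
Classification no. | 312.76 |
Keywords | Security requirement; Quality characteristic; Measurement model; Misuse cases; SRIQIP; Improvement procedure |
Language | Chinese |
Chinese abstract (translated) | Early software engineering techniques focused on improving productivity and quality, and user organizations centered system requirements on functionality, completely ignoring the importance of system security. In the ISO software quality framework, security is regarded as a low-level secondary characteristic, which is entirely unsuited to systems of the information network era. Functional requirements described with use cases have effectively become a standard for analyzing system requirements. For non-functional requirements, however, there is currently no unified and complete method of analysis and description, especially for security requirements, which makes security requirements difficult to integrate into systems. This paper discusses the analysis, representation, and validation activities of misuse cases Security Requirement Items (SRI). To ensure that security requirements are concretely implemented in the system, SRI should have the properties of communication, validation, and change. Combined with a quality measurement model, this paper proposes an SRI Quality Improvement Procedure (SRIQIP) that helps flag SRI quality defects in a timely manner and, together with corrective actions, continuously improves SRI quality so as to effectively enhance system security. |
English abstract | In its early phase, software engineering technology emphasized software productivity and quality improvement. System users were concerned only with functional requirements and almost entirely omitted the importance of system security. In the ISO software quality architecture, security is regarded as a sub-characteristic belonging to functionality. This does not at all meet the needs of the e-commerce and internet age. Use cases are almost a standard for describing system functional requirements. However, security does not belong to functional requirements. Security requirements should be described and analyzed in a suitable manner. In this paper, the analysis and specification of misuse cases security requirement items (SRI) are discussed. The major missions of SRI, the quality characteristics of SRI, and the collection of SRI quality factors are studied. Based on the SRI quality measurement model, the paper proposes the SRI Quality Improvement Procedure (SRIQIP). By applying SRIQIP, quality defects of security requirements can be identified. With quality improvement operations, security requirement quality can be enhanced continuously and system security can be increased. |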
The Chinese and English abstracts in this system are taken from the published content of each article.