Computer Aided Threat Identification

机译：计算机辅助威胁识别

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Recently, there has been an increase of reported security threats hitting organizations. Some of them are originated from the assignments to users of inappropriate permissions on organizational sensitive data. Thus it is crucial for organizations to recognize as early as possible the risks deriving by inappropriate access right management and to identify the solutions that they need to prevent such risks. In this paper, we propose a framework to identify threats during the requirements analysis of organizations' IT systems. With respect to other works which have attempted to include security analysis into requirement engineering process (e.g., KAOS, Elahi et al., Asnar et al.), our framework does not rely on the level of expertise of the security analyst to detect threats but allows to automatically identify threats that derive from inappropriate access management. To capture the organization's setting and the system stakeholders' requirements, we adopt SI* [1], a requirement engineering framework founded on the concepts of actors, goals, tasks and resources. This framework extends SI* with a reasoning technique that identifies potential security threats on resources and relevant goals. The reasoning is based on Answer Set Programming (ASP) logic rules that take into account the relationships between resources and the delegation of permission relations between actors. We illustrate this framework using an eHealth scenario.

机译：最近，据报道，对组织造成威胁的安全威胁有所增加。其中一些源自对组织敏感数据的不适当权限分配给用户。因此，对于组织来说，尽早识别因不适当的访问权限管理而带来的风险并找出防止此类风险所需的解决方案至关重要。在本文中，我们提出了一个在组织的IT系统的需求分析过程中识别威胁的框架。对于其他尝试将安全性分析纳入需求工程流程的工作（例如KAOS，Elahi等人，Asnar等人），我们的框架并不依靠安全性分析人员的专业知识来检测威胁，而是允许自动识别源于不当访问管理的威胁。为了捕获组织的设置和系统涉众的需求，我们采用SI * [1]，这是一个基于参与者，目标，任务和资源的概念的需求工程框架。该框架通过一种推理技术扩展了SI *，该推理技术可识别对资源和相关目标的潜在安全威胁。推理基于答案集编程（ASP）逻辑规则，该规则考虑了资源之间的关系以及参与者之间的权限关系的委派。我们使用eHealth场景说明了此框架。

著录项

来源
《13th IEEE International Conference on Commerce and Enterprise Computing》|2011年|p.145-152|共8页
会议地点
作者
Asnar Yudis; Li Tong; Massacci Fabio; Paci Federica;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词

相似文献

外文文献
中文文献
专利

1. Root morphology and anatomical patterns in forensic dental identification: a comparison of computer-aided identification with traditional forensic dental identification. [J] . van der Meer DT, Brumit PC, Schrader BA, Journal of forensic sciences. . 2010,第6期

机译：法医牙齿鉴定中的根形态和解剖模式：计算机辅助鉴定与传统法医牙齿鉴定的比较。
2. Computer-aided identification of mechanical system's technical state with the aid of case-based reasoning [J] . Olga A. Nikolaychuk, Alexander Y. Yurin Expert systems with applications . 2008,第1期

机译：基于案例推理的机械系统机械状态计算机辅助识别
3. To Computer-Aided Design and Manufacturing or Not to Computer-Aided Design and Manufacturing? Free Fibula Flap With Computer-Aided Technique for Mandibular Reconstruction [J] . Zavattero Emanuele, Garzino-Demo Paolo, Fasolis Massimo, The Journal of craniofacial surgery . 2015,第3期

机译：进行计算机辅助设计与制造还是不进行计算机辅助设计与制造？利用计算机辅助技术进行游离腓骨皮瓣修复下颌骨
4. A Problem-Based Approach for Computer-Aided Privacy Threat Identification [C] . Kristian Beckers, Stephan Fassbender, Maritta Heisel, Annual Privacy Forum . 2014

机译：基于问题的计算机辅助隐私威胁识别方法
5. Computer vision for computer-aided microfossil identification. [D] . Harrison, Adam P. 2010

机译：用于计算机辅助微化石识别的计算机视觉。
6. Efficacy of Computer-Aided Design and Manufacturing Versus Computer-Aided Design and Finite Element Modeling Technologies in Brace Management of Idiopathic Scoliosis: A Narrative Review [O] . Shahrbanoo Bidari, Mojtaba Kamyab, Hassan Ghandhari, 2021

机译：计算机辅助设计和制造与计算机辅助设计和有限元建模技术在特发性脊柱脊柱侧凸的支撑管理中的疗效：叙事评论
7. Computer Aided Threat Identification [O] . Yudistira Asnar, Tong Li, Fabio Massacci, 2016

机译：计算机辅助威胁识别
8. Computer Simulation Modeling: A Method for Predicting the Utilities of Alternative Computer-Aided Threat Evaluation Algorithms. [R] . Ainsworth, J. S., Kubala, S. 1990

机译：计算机仿真建模：一种预测备用计算机辅助威胁评估算法实用程序的方法。

Computer Aided Threat Identification

摘要

著录项

相似文献

相关主题

期刊订阅