安全图和 UML
我想绘制一个图表来显示应用程序的安全性。
哪种 UML 图最常用于此任务?
是否有通常用于此任务的非 UML 图?
I want to draw up a diagram that will show the security of the application.
What UML diagram is most typically used for this task?
Is there a non UML diagram that is typically used for this task instead?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
SDL 威胁建模工具 3.1.8 是 Visio 的附加组件
http://www.microsoft.com/download/en /details.aspx?displaylang=en&id=2955
SDL Threat Modeling Tool 3.1.8 is an add-on to Visio
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=2955
开玩笑地说,不要对应用程序的安全性进行建模。相反,对应用程序的安全性进行建模。您可以从应用程序功能(用例)、逻辑组件结构和物理部署的良好模型开始,但使用安全方法而不是 UML,UML 侧重于记录现有内容,而不是可能缺少的内容。 攻击树分析,至少在安全思想家(一个他像攻击者而不是防御者一样思考),倾向于识别大量漏洞并提出可能的补救措施。
请注意,系统的创建者很少是进行安全分析的最佳人选:我们往往会过度保护我们的孩子。你应该随时回答问题,但不要急于证明自己是对的。
To be a bit facetious, don't model the security of your application. Model the *in*security of your application instead. You can start with good models of your application's functionality (use cases), logical component structure and physical deployment, but use security methodologies instead of UML, which is focused on documenting what is there, rather than on what may be missing. Attack tree analysis, at least in the hands of a security thinker (one who thinks like an attacker rather than a defender), tends to identify quite a lot of vulnerabilities and suggest possible remedies.
Be aware that the creator of a system seldom is the best person to do a security analysis: we tend to be over-protective of our babies. You should be at hand to answer questions, but not be out to prove yourself right.
我认为您应该使用从所需角度描述系统的图表(部署图、类图、协作图等),并使用构造型将安全属性分配给适当的对象。
I think you should use the diagram that describes the system from the desired prespective (deployment diagram, class diagram, collaboration diagram etc.) and used stereotypes to assign security properties to appropriate objects.