基于MBSE的信息管理系统安全识别设计  被引量:3

Design of information management system with security identification based on MBSE

在线阅读下载全文

作  者:代雨婷 Dai Yuting(School of Computer Science,Chengdu Normal University,Chengdu 611130,China)

机构地区:[1]成都师范学院计算机科学学院,四川成都611130

出  处:《系统工程学报》2023年第2期235-244,282,共11页Journal of Systems Engineering

摘  要:针对采用基于模型的系统工程(MBSE)实现复杂系统研发时,缺少安全性分析与识别的问题,以高校信息管理系统为例,提出一种安全需求建模方法,选择SysML作为建模语言,采用Cameo System Modeler作为建模工具,使用模型驱动的OOSEM方法进行模型搭建,将安全识别整合到MBSE设计中来.首先,完成高校信息管理的环境构建,以教师申请职称评定为例,构建其白盒活动图,完成各部门解耦,提高系统设计效率,降低用户业务处理迭代次数;随后对安全相关概念进行定义,在系统设计早期进行安全需求设计,建立风险和威胁模型,通过攻击案例分析,进行风险处理.将安全问题识别纳入早期设计过程,减少系统设计的风险与成本,为软件开发提供参考.Security analysis and identification should be dealt with in the design of complex systems using modelbased systems engineering(MBSE).Taking the University information management system as an example,a security requirements modeling method is proposed to integrate the MBSE with security identification.SysML is selected as the modeling language,Cameo System Modeler is the modeling tool,and the model-driven OOSEM is used as the modeling method.Firstly,the information management environment is constructed.Using the professional title assessment for university teachers as a sample,the activity graph of white box is constructed,the decoupling among different departments is achieved,design efficiency of system is enhanced,and iteration times of business process is decreased.Meanwhile,by defining security domain concepts,security requirements are designed at the early phase of system design.With risk and threat models,a risk treatment is carried out through attack case analysis.Considering security identification in the early design process can mitigate the risk and cost of system design,and provide reference for software designers.

关 键 词:基于模型的系统工程 系统建模语言 信息管理系统 解耦 安全识别 

分 类 号:TP273[自动化与计算机技术—检测技术与自动化装置]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象