Title: Security threat identification/testing using annotated sequence diagrams
Abstract: Embodiments provide apparatuses and methods supporting software development teams in identifying potential security threats, and then testing those threats against under-development scenarios. At design time, embodiments identify potential threats by providing sequence diagrams enriched with security annotations. Security information captured by the annotations can relate to topics such as security goals, properties of communications channels, environmental parameters, and/or WHAT-IF conditions. The annotated sequence diagram can reference an extensible catalog of functions useful for defining message content. Once generated, the annotated sequence diagram can in turn serve as a basis for translation into a formal model of system security. At run time, embodiments support development teams in testing, by exploiting identified threats to automatically generate and execute test cases against the up-and-running scenario. The security annotations may facilitate detection of subtle flaws in security logic, e.g., those giving rise to man-in-the-middle, authentication, and/or confidentiality issues in software under development.
Publication number: US9565201(B2); Publication date: 2017.02.07
Application number: US201514667363; Filing date: 2015.03.24
Applicant: SAP SE; Inventors: Compagna Luca; Ponta Serena
Classification: H04L29/06; G06F21/57; Main classification: H04L29/06
Agency: Fountainhead Law Group P.C.; Agent: Fountainhead Law Group P.C.
Independent claim 1. A computer-implemented method comprising: an engine receiving a sequence diagram of a system comprising a plurality of entities, and messages between the plurality of entities sent along communications channels; the engine generating from the sequence diagram an annotated sequence diagram including an annotation of security information comprising a security goal reflecting an environment in which the plurality of entities reside; the engine displaying the annotated sequence diagram; the engine translating the annotated sequence diagram into a model based upon the annotation; the engine identifying a threat based upon the model; and the engine executing, on a hardware processor, a computer program stored in a memory to display a rendering of the threat, the rendering comprising a specific sequence diagram execution manifesting violation of the security goal.
Address: Walldorf, DE