J2EE应用软件的架构安全评估方法.pdfVIP

杜长霄，李晓红，石 红，等.J2EE应用软件的架构安全评估方法[J].计算机科学与探索，2014，8（5）：572-581. ISSN 1673-9418 CODEN JKYTA8 Journal of Frontiers of Computer Science and Technology 1673-9418/2014/08(05)-0572-10 doi: 10.3778/j.issn.1673-9418.1311022 E-mail: fcst@ Tel: +86-10J2EE应用软件的架构安全评估方法􀆽 杜长霄 1，李晓红 1,2+，石 红 1，冯志勇 1,2 1.天津大学 计算机科学与技术学院，天津 300072 2.天津大学 认知计算与应用重点实验室，天津 300072 Security Evaluation Method for the Architecture of J2EE Applications􀆽 DU Changxiao1, LI Xiaohong1,2+, SHI Hong1,FENG Zhiyong1,2 1. School of Computer Science and Technology, Tianjin University, Tianjin 300072, China 2. Key Laboratory of Cognitive Computing and Application, Tianjin University, Tianjin 300072, China + Corresponding author: E-mail: xiaohongli@ DU Changxiao, LI Xiaohong, SHI Hong, et al. Security evaluation method for the architecture of J2EE applica- tions. Journal of Frontiers of Computer Science and Technology, 2014, 8(5)：572-581. Abstract: In order to identify potential risks of J2EE architecture and assess the implementation of J2EE security mechanisms, this paper presents a quantitative J2EE security evaluation method based on the security of compo- nents. The method focuses on efforts to architecture security mechanism through refining the security of architecture to component level and describing component security mechanism by security tree. In this process, components of J2EE architecture are classified and their security measures are identified according to the component function and J2EE level. Then, an integration process of analytic hierarchy process (AHP) and fuzzy evaluation analysis is used to consider quantitative and qualitative factors in evaluating the security of components to obtain security conclu- sions of architecture. The experiments show that this method can not only improve the evaluation efficiency, but also make the security evaluation process more objective and accurate. Key words: J2EE; security evaluation; component; security tree model 摘 要：为了识别 J2EE架构设计中潜在风险以及评估 J2EE安全机