Specification, detection, and treatment of STRIDE threats for software components: Modeling, formal methods, and tool support
Journal of Systems Architecture (IF 4.5), Pub Date: 2021-03-01, DOI: 10.1016/j.sysarc.2021.102073
Quentin Rouland, Brahim Hamid, Jason Jaskolka

The existence of security threats in software designs can significantly impact the safe and reliable operation of systems. Threats need to be precisely specified before a tool can manipulate them, and although several approaches for threat specification have been proposed, they do not provide the scalability and flexibility required in practice. We address this problem with an integrated approach for threat detection and treatment by means of security requirements, applied at software architecture design time. The general idea of the approach is to: (1) specify threats as properties of a modeled system in a technology-independent specification language; (2) express the conditions that reveal these threats in a suitable language with automated tool support, so that threats are detected through model verification; and (3) suggest a set of security requirements to protect against the detected threats. The formalized threats and security requirements are then provided as formal model libraries to foster reuse. To validate our work, we explore a set of representative threats from categories based on Microsoft’s STRIDE threat classification in the context of secure component-based software architecture development. In addition, we use model-driven engineering techniques to develop a tool set that supports our approach.




Updated: 2021-03-11