
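Building an Information Security Threat Model by Combining Software Engineering Methods and Risk Assessment Mechanisms: The Case of Smart Grid Applications under an Internet of Things Architecture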

Yu-Tso Chen, Chuang-Chiao Huang, James Wu

Abstract


Prevention and treatment are the two major means of handling disease, and the security protection of information systems likewise comes down to prevention beforehand and response after an incident. In particular, prior prevention can often reduce the workload of responding to attacks once they occur. This study proposes a novel threat modeling method, named TMER, that draws on mature software engineering techniques and a risk assessment mechanism for security threats. TMER helps identify information security threats in a systematic and modularized fashion during system design, and thereby helps ensure the reliability of the application design and the theoretical availability of later system operations.

To walk through the operation of TMER, this paper takes a smart grid (SG) information system application as an example and demonstrates the construction of its threat model. First, the functional components of the SG are analyzed, covering the traditional power system, supervisory control and data acquisition (SCADA), and advanced metering infrastructure (AMI). Then, once the key functional components of the selected SG application are confirmed, the application is analyzed with use case diagrams, data flow diagrams, the proposed STRIDE+p threat classification table, and risk assessment analysis, progressively filtering out the key security threats to build a probabilistic threat model.

The proposed TMER considers the framework of the system's functional components, adopts software engineering analysis and design tools, and draws on security threat types and risk assessment theory, and so indicates a research direction worth considering for systematic threat modeling. In addition, the demonstrated case practice on an SG application provides a valuable and practical reference for information security design in SG applications.

Keywords


Threat Model; Software Engineering; Risk Assessment; Smart Grid

Citation Format:
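Yu-Tso Chen, Chuang-Chiao Huang, James Wu, "Building an Information Security Threat Model by Combining Software Engineering Methods and Risk Assessment Mechanisms: The Case of Smart Grid Applications under an Internet of Things Architecture," Communications of the CCISA, vol. 24, no. 2, pp. 58-76, Apr. 2018.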

Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office, No.1, Sec. 1, Shennong Rd., Yilan City, Yilan County 260, Taiwan (R.O.C.)
E-mail: ccisa.editor@gmail.com