為了能夠因應資訊時代的快速變遷,系統設計經常會在程式碼撰寫之後再與系 統文件同時進行撰寫,在短時間內完成軟體開發以提升市場競爭力。因此,軟體設計 者可以利用反向工程方法讓系統文件產出能夠更加的快速。反向工程產出系統文件能 夠大幅縮短產出文件的時間,讓系統開發更有效率。在系統開發後透過反向工程產出 分析設計文件,比起過去在系統開發階段前就需產出相關文件會更加容易、迅速且正 確。軟體反向工程能讓開發人員更專注於系統開發,並同時獲得足夠的系統資訊輔助 其開發。本研究希望以資訊安全的角度分析反向工程後UML 圖是否具備一定的安全 性品質。結合Microsoft 所提出的資訊安全架構STRIDE 與知識系統常用的本體論,進 而對UML 圖形之安全性品質進行規範及評核。;In order to cope with the rapid change of the information era, the system design will be often written along with the system documents, such as the “Uniform Modeling Language (UML)” after the code is programmed, and complete software development in a short period of time to enhance market competitiveness. Therefore, software designers can utilize software reverse engineering (SRE) methods to accomplish the system documents faster and more efficiently. It will significantly reduce the time of generating the documents when using SRE methods and also make the system developed more efficiently. It is easier, faster, and more accurate to generate the analysis design documents by means of SRE methods after the system is developed than to make the relevant documents before the system is developed in past. The software SRE is able to make the developing engineers focus more on the system development, and to simultaneously acquire adequate system information assistances. From the perspective of information security, this research is to analyze whether the UML diagrams possess the security quality after using software reverse engineering and to combine the information security architecture – STRIDE proposed by Microsoft and the ontology commonly used in the knowledge system, further, to standardize and evaluate the security quality of UML diagrams.
