Master's and Doctoral Theses: Record 106423040, Detailed Information




Name: 葉圻煒 (Chi-Wei Yeh)   Department: Department of Information Management
Thesis Title: Design and Implementation of Ontology-based Evaluation System for Design Quality in Software Reverse Engineering: Focusing on Security
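  1. The access permission for this electronic thesis is: immediate open access granted.
  2. Electronic full texts that have reached their open-access date are licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast the work without authorization, to avoid violating the law.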

Abstract: To cope with the rapid change of the information era, the system design is often written together with the system documents, such as Unified Modeling Language (UML) diagrams, after the code is programmed, so that software development can be completed in a short period of time to enhance market competitiveness. Software designers can therefore use software reverse engineering (SRE) methods to produce system documents faster. Generating documents through SRE significantly reduces the time needed to produce them and makes system development more efficient. Generating the analysis and design documents through SRE after the system is developed is easier, faster, and more accurate than producing the relevant documents before the system is developed, as was done in the past. SRE lets developers focus more on system development while still obtaining adequate system information to assist their work. From the perspective of information security, this research analyzes whether the UML diagrams produced by software reverse engineering possess a certain level of security quality. It combines STRIDE, the information security architecture proposed by Microsoft, with ontology, which is commonly used in knowledge systems, to standardize and evaluate the security quality of UML diagrams.
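Keywords (Chinese) ★ Quality evaluation
★ Software reverse engineering
★ Information security
★ Ontology
★ UML structural model diagrams
Keywords (English)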
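Table of Contents
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1-1 Research Background
1-2 Research Problem and Motivation
1-3 Research Objectives
1-4 Research Scope and Assumptions
1-5 Research Structure
Chapter 2 Literature Review
2-1 Software Reverse Engineering and Design Quality
2-1-1 UML Reverse Engineering Research and Tools
2-1-2 Quality of UML Structural Model Diagrams
2-2 Information Security at the Design Stage
2-3 Security-Related Metrics
2-4 Ontology
2-5 Ontology Languages
Chapter 3 System Design
3-1 System Architecture
3-2 Data Collection
3-3 Information Security Model
3-4 Information Security Metrics
3-4-1 Security Vulnerability Index
3-4-2 Data Normalization
3-5 Ontology Construction
3-5-1 Defining Concepts
3-5-2 Defining Rules
3-5-3 Rule Examples and Explanation
Chapter 4 System Implementation and Demonstration
4-1 System and Development Environment
4-2 Case Description
4-3 System Demonstration
Chapter 5 System Results and Discussion
5-1 System Verification
5-2 Verification of Refactoring Suggestions
5-2-1 Rule: Name Confusion (Spoofing)
5-2-2 Rule: Unlisted Service Methods (Tampering and Elevation of Privilege)
5-2-3 Rule: No Log-Related Class Established (Repudiation)
5-2-4 Rule: Data Encryption (Information Disclosure)
5-2-5 Rule: Duplicate Attributes (Denial of Service)
5-3 Verification by System Numerical Analysis
5-3-1 Total Threat Index (TVI)
5-3-2 Verification of System Normalized Values
5-4 Discussion of Validity
Chapter 6 Conclusion
6-1 Research Contributions
6-2 Research Limitations and Future Work
References
Appendix 1: Web Page Code Examples
Appendix 2: Back-End Code Examples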
Advisor: 陳仲儼   Approval date: 2019-7-1