
WO2024169388A1 - Security requirement generation method and apparatus based on stride model, electronic device and medium - Google Patents


Info

Publication number
WO2024169388A1
Authority
WO
WIPO (PCT)
Prior art keywords
requirement
security
requirements
candidate
similarity
Application number
PCT/CN2023/140017
Other languages
French (fr)
Chinese (zh)
Inventor
崔佳玲
Original Assignee
天翼云科技有限公司
Application filed by 天翼云科技有限公司
Publication of WO2024169388A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 18/00 Pattern recognition
    • G06F 18/20 Analysing
    • G06F 18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 18/00 Pattern recognition
    • G06F 18/20 Analysing
    • G06F 18/23 Clustering techniques
    • G06F 18/232 Non-hierarchical techniques
    • G06F 18/2321 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F 18/23213 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P 90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P 90/30 Computing systems specially adapted for manufacturing

Definitions

  • the present application relates to the field of computer technology, and in particular to a method, device, electronic device and medium for generating security requirements based on a STRIDE model.
  • the purpose of the embodiments of the present application is to provide a method, device, electronic device and medium for generating security requirements based on the STRIDE model to solve the above problems.
  • the specific technical solution is as follows:
  • in a first aspect, a method for generating security requirements based on the STRIDE model is provided, and the method may include:
  • obtaining a requirement description set, the requirement description set including requirement descriptions corresponding to each model dimension, the requirement description set being obtained by division according to the STRIDE model;
  • dividing executable reference security data based on the STRIDE model to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions;
  • for any requirement description in the requirement description set, obtaining a first similarity between the requirement description and each candidate security requirement, where a candidate security requirement is a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension corresponding to the requirement description;
  • selecting, based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description as a target security requirement;
  • generating a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  • a device for generating security requirements based on the STRIDE model may include:
  • a requirement description acquisition module is used to acquire a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension, and the requirement description set is obtained based on the division of the STRIDE model;
  • a security data partitioning module used to partition executable reference security data based on the STRIDE model to obtain a reference security requirement set;
  • the reference security requirement set includes security requirements corresponding to each of the model dimensions;
  • a first similarity acquisition module is used to acquire, for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement;
  • the candidate security requirement is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description;
  • a selection module configured to select, based on a first similarity between the requirement description and each of the candidate security requirements, a candidate security requirement corresponding to the requirement description as a target security requirement;
  • the target security requirement set generating module is used to generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  • an electronic device including a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;
  • the memory is used to store a computer program;
  • the processor is used to perform the method described in the first aspect when executing the program stored in the memory.
  • a computer-readable storage medium is further provided, wherein instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the computer performs the method described in the first aspect above.
  • a computer program product comprising instructions, which, when executed on a computer, enables the computer to perform any of the methods described in the first aspect above.
  • in summary, the embodiment of the present application obtains a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension and is obtained by division according to the STRIDE model; divides executable reference security data based on the STRIDE model to obtain a reference security requirement set, which includes security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, obtains a first similarity between the requirement description and each candidate security requirement, where a candidate security requirement is a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension corresponding to the requirement description; selects, based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description as a target security requirement; and generates a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  • the first similarity between the requirement description and the candidate security requirement under the same model dimension can be obtained according to the model dimension, thereby improving the accuracy of the first similarity calculation.
  • the target security requirement corresponding to the requirement description is selected through the first similarity between the requirement description and the candidate security requirement, and a target security requirement set is generated.
  • the obtained target security requirement is consistent with the requirement description, so there is no need to manually edit the security requirement; the security requirement that meets the requirement description can be selected directly according to the first similarity, thereby improving the efficiency of generating the target security requirement set.
  • FIG1 is a flowchart of a method for generating security requirements based on a STRIDE model provided in an embodiment of the present application
  • FIG2 is a schematic diagram of a clustering operation provided in an embodiment of the present application.
  • FIG3 is a schematic diagram of a text vector calculation provided by an embodiment of the present application.
  • FIG4 is a schematic diagram of a scenario provided by an embodiment of the present application.
  • FIG5 is a flowchart of another method for generating security requirements based on the STRIDE model provided in an embodiment of the present application
  • FIG6 is a structural block diagram of a security requirement generation device based on a STRIDE model provided in an embodiment of the present application.
  • FIG. 1 is a flowchart of a method for generating security requirements based on a STRIDE model provided in an embodiment of the present application. As shown in FIG. 1 , the method may include the following steps:
  • Step 101 Obtain a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension, and the requirement description set is obtained based on the STRIDE model division.
  • the above-mentioned requirement description set refers to a set containing requirement descriptions, which may be in the form of a list.
  • the above-mentioned requirement description refers to the business process designed in the design phase of software development, the possible attack information, and the protection operations to be performed against that attack information; that is, a requirement description may include a threat description and a suggestion description, usually in text form, with each threat description usually corresponding one to one with a suggestion description.
  • the above-mentioned business process may be designed for a World Wide Web (WEB) system or for host-type software; the embodiment of the present application does not limit the type of software.
  • the above-mentioned STRIDE model is a threat modeling method that divides threats into six model dimensions: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. Accordingly, the embodiment of the present application can classify the above-mentioned requirement descriptions according to the dimensions of the STRIDE model to obtain requirement descriptions corresponding to different dimensions. In some embodiments, the requirement descriptions can further be divided into different subsets according to the model dimension in which each requirement description is located, so that the above-mentioned requirement description set can include subsets for the different model dimensions.
  • the embodiment of the present application can obtain the above-mentioned requirement description set through a threat modeling tool whose core is the STRIDE modeling method.
  • the designed business process can be input into the above-mentioned threat modeling tool.
  • the threat modeling tool can identify and determine the possible threats in each process, and generate corresponding suggestions based on the threats, so that the requirement description set can be obtained according to the generated threats and suggestions.
  • Step 102 Based on the STRIDE model, executable reference security data is divided to obtain a reference security requirement set; the reference security requirement set includes security requirements corresponding to each of the model dimensions.
  • the executable reference security data refers to the security requirement data that can be determined to provide reference for software development, which can be the security requirements of historical software development projects, or the reference security requirements directly obtained from the Internet. They are usually security requirements that can provide reference for developers in other software development processes. Therefore, the reference security data is executable. Compared with the recommended description in the above requirement description, it is usually more detailed and can provide developers with a more accurate and detailed reference.
  • the above security requirements refer to the development requirements proposed in the design stage in order to ensure the security of the designed software or system in all aspects (for example, the security of servers and data, the security of information transmission between servers and users, and the security of application clients and environments, etc.). Developers will refer to the security requirements to complete the security function development or design of the system or software.
  • the above-mentioned reference security data usually includes a large amount of security requirement data, and is usually security requirement data that provides reference in different aspects.
  • the model dimension of each reference security data can be determined according to the role played by different reference security data.
  • the above-mentioned reference security data is also in text form.
  • the embodiment of the present application can determine the model dimension of each reference security data through the semantic description of each reference security data, or it can also obtain the model dimension of each reference security data by receiving the input information of the staff for different reference security data. The embodiment of the present application does not limit this.
  • reference security data of different dimensions can be further divided into different subsets according to the model dimensions of each reference security data, so that the above-mentioned reference security requirement set can include the security requirement subsets corresponding to each model dimension.
  • Step 103 For any requirement description in the requirement description set, obtain a first similarity between the requirement description and each candidate security requirement; the candidate security requirement is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description.
  • the above-mentioned first similarity can be the similarity between the semantics of the requirement description and the semantics of each candidate security requirement, which can characterize the degree of matching between the requirement description and each candidate security requirement.
  • the higher the similarity the higher the degree of matching. Accordingly, the higher the probability that the candidate security requirement can avoid the threat in the requirement description, and the better the effect of the candidate security requirement as the security requirement corresponding to the requirement description.
  • the first similarity may be the cosine similarity between the requirement description and the candidate security requirement.
  • it may also be calculated using other similarity algorithms, which is not limited in this embodiment of the present application.
  • the embodiments of the present application may screen the above-mentioned reference security requirements and take the security requirements whose model dimension is the same as that of the above-mentioned requirement description as candidate security requirements. Since the model dimension characterizes the threat dimension targeted by both the requirement description and the security requirement, the first similarity between the two is calculated within the same threat dimension, thereby improving the accuracy of the similarity calculation.
  • Step 104 Based on the first similarity between the requirement description and each candidate security requirement, select the candidate security requirement corresponding to the requirement description as the target security requirement.
  • Step 105 Generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  • the embodiments of the present application can select the security requirement with the highest first similarity to the requirement description from the above-mentioned candidate security requirements as the target security requirement, or can also set a selection threshold and use the candidate security requirement with a first similarity greater than the above-mentioned selection threshold as the above-mentioned target security requirement. It can be set according to the actual situation, and the embodiments of the present application do not limit this.
  • the target security requirement set is a set including the generated security requirements.
  • in summary, the embodiment of the present application obtains a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension and is obtained by division according to the STRIDE model; divides executable reference security data based on the STRIDE model to obtain a reference security requirement set, which includes security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, obtains a first similarity between the requirement description and each candidate security requirement, where a candidate security requirement is a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension corresponding to the requirement description; selects, based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description as a target security requirement; and generates a target security requirement set based on the target security requirements corresponding to each requirement description.
  • the first similarity between the requirement description and the candidate security requirement under the same model dimension can be obtained according to the model dimension, thereby improving the accuracy of the first similarity calculation.
  • the target security requirement corresponding to the requirement description is selected through the first similarity between the requirement description and the candidate security requirement, and a target security requirement set is generated.
  • the obtained target security requirement is consistent with the requirement description, and there is no need to manually edit the security requirement.
  • the security requirement that meets the requirements can be selected according to the first similarity, thereby improving the efficiency of generating the target security requirement set.
  • the embodiments of the present application may specifically include the following steps:
  • Step 201 For any of the model dimensions, classify the security requirements in the reference security requirement set corresponding to the model dimension to obtain different categories of security requirements under the model dimension; each category of security requirements includes a central requirement.
  • the security requirements of any model dimension may correspond to different functional modules of the software. Therefore, the above classification can be classified according to the functional modules corresponding to each security requirement, and the security requirements corresponding to the same functional module can be classified into the same category.
  • other classification rules can also be set according to actual needs, and the embodiments of the present application are not limited to this.
  • a central requirement can be selected from the security requirements of each category, wherein the similarity between any security requirement and other security requirements can be calculated under the same category, and the security requirement with the greatest similarity to other security requirements can be used as the central requirement.
  • the above classification and determination of the central requirements of each category can be achieved through the K-means clustering algorithm (k-means clustering algorithm, K-means). It can be understood that the central requirements of each category obtained in the above manner are relatively close to other security requirements, so the central requirement is a more representative security requirement in the category.
  • the operation of selecting the candidate security requirement corresponding to the requirement description based on the first similarity between the requirement description and each candidate security requirement may specifically include the following steps:
  • Step 202 Obtain a second similarity between the requirement description and each target central requirement as the similarity threshold of each category; the target central requirement is the central requirement of a category under the model dimension corresponding to the candidate security requirement.
  • Step 203 Based on the first similarity between the requirement description and each candidate security requirement and the similarity threshold of each category, select a candidate security requirement corresponding to the requirement description.
  • the embodiment of the present application can obtain the second similarity between the requirement description and the central requirement of each category under the same model dimension. Since the central requirement of each category is a more representative security requirement in each category, the second similarity of each central requirement can be used as the similarity threshold of each category under the model dimension to screen other security requirements. Among them, the above-mentioned second similarity can also be the cosine similarity between the text of the requirement description and the text of the central requirement, and of course it can also be calculated by other similarity algorithms, which is not limited by the embodiment of the present application.
  • the similarity threshold of the category to which each candidate security requirement belongs can be used as a selection condition, and a candidate security requirement whose first similarity is greater than that similarity threshold is taken as the candidate security requirement corresponding to the requirement description. When the first similarity between a candidate security requirement and the requirement description is not greater than the corresponding similarity threshold, this indicates that the candidate security requirement does not match the actual requirement of the current software or system, so it is excluded from the candidate security requirements corresponding to the requirement description. Conversely, when the first similarity between a candidate security requirement and the requirement description is greater than the corresponding similarity threshold, this indicates that the candidate security requirement matches the actual requirement of the current software or system, so it can be used as the candidate security requirement corresponding to the requirement description.
  • in summary, for any model dimension, the security requirements in the reference security requirement set corresponding to the model dimension are classified to obtain different categories of security requirements under that model dimension, and each category of security requirements includes a central requirement; the second similarity between the requirement description and each target central requirement is obtained as the similarity threshold of each category, where the target central requirement is the central requirement of a category under the model dimension corresponding to the candidate security requirement; based on the first similarity between the requirement description and each candidate security requirement and the similarity threshold of each category, the candidate security requirement corresponding to the requirement description is selected.
  • the reference security requirements under each model dimension are classified, and the central requirement is determined in each category, and the reference security requirements in the same model dimension can be clustered to facilitate subsequent calculations.
  • the matching between the candidate security requirement and the requirement description can be further improved, and the accuracy of generating the target security requirement set can be improved.
  • FIG. 2 is a schematic diagram of a clustering operation provided in an embodiment of the present application.
  • the operation of classifying the security requirements corresponding to the model dimension in the reference security requirement set to obtain different categories of security requirements under the model dimension may specifically include the following steps:
  • Step 301 Select multiple initial central requirements from the security requirements corresponding to the model dimension in the reference security requirement set as candidate central requirements; one candidate central requirement corresponds to one of the categories.
  • the above initial central requirements can be randomly selected from the security requirements under the same model dimension.
  • the security requirements under the same model dimension can be randomly divided into K groups, and an initial central requirement is randomly selected from each group, thereby obtaining K initial central requirements, and accordingly, K categories can be obtained.
  • K value can be set according to actual needs, and the embodiment of the present application does not limit this.
  • Step 302 For any security requirement in the reference security requirement set corresponding to the model dimension, obtain a third similarity between the security requirement and each of the candidate center requirements.
  • Step 303 Classify the security requirements into the categories represented by the corresponding candidate center requirements with the largest third similarity.
  • the proximity between each security requirement and each candidate central requirement can be obtained.
  • each security requirement can be assigned to the category of the candidate central requirement with the largest third similarity, and clustering can be achieved to obtain security requirements of different categories under each model dimension and the central requirement of the security requirements of this category.
  • the above third similarity can also be the cosine similarity between the two texts, and of course it can also be calculated by other similarity algorithms, which is not limited in the embodiments of the present application.
  • Step 304 Based on the security requirements contained in each category, reselect multiple center requirements as the candidate center requirements, and re-execute the operation of obtaining the third similarity between the security requirements and each of the candidate center requirements based on the candidate center requirements until the preset termination condition is reached, and use the current candidate center requirements as the target center requirements, and use the current classification result as the final classification result.
  • the central requirements of each category can be reselected from the security requirements contained in the current categories as new candidate central requirements.
  • the security requirements included in the above categories include the center requirements of each category and other security requirements in each category except the center requirements.
  • the above-mentioned operation of reselecting multiple central requirements can be to recalculate the similarity between any security requirement and other security requirements in the category based on the security requirements included in the current category, and further obtain new candidate central requirements of different categories.
  • the mean similarity between the security requirement and the other security requirements can then be obtained, that is, the sum of the similarities between the security requirement and the other security requirements divided by the number of other security requirements. Accordingly, each security requirement in the category obtains a corresponding mean similarity, and the security requirement closest to the others, i.e. the one with the largest mean similarity (consistent with the selection of the central requirement in Step 201 above; a smallest value would apply only if a distance rather than a similarity were used), can be used as the new candidate central requirement.
  • the third similarity between each candidate center requirement and other security requirements in the reference security requirement set under the same model dimension as each candidate center requirement can be obtained again, and other security requirements can be classified into the corresponding category of the candidate center requirement with the largest third similarity.
  • the above-mentioned preset termination condition can be that the re-selected candidate central requirements are consistent with the previous candidate central requirements, or that the number of times the candidate central requirements have been selected reaches a preset number threshold; the embodiment of the present application does not limit this.
  • when the preset termination condition is reached, it indicates that the current classification result meets the requirements, so the current classification result can be used as the final classification result and the current candidate central requirements can be used as the target central requirements.
  • the security requirements contained in the category represented by each target central requirement are used as the security requirements of that category.
  • multiple initial central requirements are selected from the security requirements corresponding to the model dimension in the reference security requirement set as the central requirements to be selected; one central requirement to be selected corresponds to one category; for any security requirement in the security requirements corresponding to the model dimension in the reference security requirement set, the third similarity between the security requirement and each central requirement to be selected is obtained; the security requirement is divided into the category represented by the central requirement to be selected with the largest corresponding third similarity; based on the security requirements contained in each category, multiple central requirements are re-selected as the central requirements to be selected, and the operation of obtaining the third similarity between the security requirement and each central requirement to be selected is re-executed based on each central requirement to be selected, until the preset termination condition is reached, the current central requirements to be selected are used as the target central requirements, and the current classification result is used as the final classification result.
  • the security requirements under the same model dimension can be classified, and the relatively close security requirements can be classified into the same category to achieve clustering, so as to facilitate the matching of the requirement description and the security requirement under the same model dimension and the same category, and further improve the accuracy of the matching.
  • the operation of selecting the candidate security requirement corresponding to the requirement description based on the first similarity between the requirement description and each candidate security requirement and on the similarity threshold of each category may specifically include the following steps:
  • Step 401 For any candidate security requirement, the similarity threshold of the category to which the candidate security requirement belongs is obtained from the similarity thresholds of the categories, as the target similarity threshold corresponding to that candidate security requirement.
  • Step 402 If the first similarity between the candidate security requirement and the requirement description is not lower than the target similarity threshold corresponding to that candidate security requirement, the candidate security requirement is determined as the candidate security requirement corresponding to the requirement description.
  • the similarity threshold of a category can be taken as the similarity threshold of every candidate security requirement belonging to that category.
  • in this way a target similarity threshold is obtained for each candidate security requirement.
  • the first similarity between each candidate security requirement and the requirement description can then be compared with that candidate's target similarity threshold, and the candidate security requirements whose first similarity is not lower than their corresponding target similarity threshold are determined as the candidate security requirements corresponding to the requirement description.
  • in summary, the similarity threshold of the category to which the candidate security requirement belongs is obtained from the similarity thresholds of the categories as the target similarity threshold corresponding to the candidate security requirement; when the first similarity between the candidate security requirement and the requirement description is not lower than that target similarity threshold, the candidate security requirement is determined as the candidate security requirement corresponding to the requirement description. In this way, by selecting candidate security requirements whose first similarity is not lower than the target similarity threshold, the degree of match between the selected candidate security requirements and the requirement description is improved.
  • the candidate security requirements can be screened within the same category of the same model dimension, so that the screening of candidate security requirements is more fine-grained and the accuracy of the selected candidate security requirements is further improved.
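The clustering of one model dimension's security requirements and the per-category threshold screening of Steps 401-402, as an added worked example; this is illustrative code, not the patent's own implementation. It assumes that text vectors have already been computed, that the per-category similarity thresholds are supplied as input (how they are derived is not covered in this part of the text), that the initial central requirements are chosen at evenly spaced indices (the text does not fix the choice), and that a category's new central requirement is the member closest to the category's mean vector, so the centre is always a real security requirement as the text requires. All vectors and thresholds below are constructed sample values.

```python
import math
from typing import Dict, List, Optional, Sequence, Tuple

Vector = Sequence[float]


def cosine(a: Vector, b: Vector) -> float:
    """Cosine similarity of two text vectors (1.0 = same direction, -1.0 = opposite)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def cluster_requirements(vectors: List[Vector], k: int, max_rounds: int = 20,
                         initial_centres: Optional[Sequence[int]] = None) -> Tuple[List[int], List[int]]:
    """Cluster the security requirements of one model dimension.

    Returns (labels, centres): labels[i] is the category of requirement i and centres[c]
    is the index of the requirement that is the target central requirement of category c.
    """
    n, dim = len(vectors), len(vectors[0])
    assert 1 <= k <= n, "need at least as many requirements as categories"
    # Initial candidate central requirements: evenly spaced indices (assumption).
    centres = list(initial_centres) if initial_centres else [i * (n // k) for i in range(k)]

    def assign(centres_now: List[int]) -> List[int]:
        # Third similarity between each requirement and each candidate centre;
        # the requirement joins the category whose centre has the largest similarity.
        return [max(range(k), key=lambda c: cosine(v, vectors[centres_now[c]])) for v in vectors]

    labels = assign(centres)
    for _ in range(max_rounds):            # round cap: the second termination condition in the text
        new_centres = []
        for c in range(k):
            members = [i for i in range(n) if labels[i] == c]
            if not members:                # an emptied category keeps its previous centre
                new_centres.append(centres[c])
                continue
            mean = [sum(vectors[i][d] for i in members) / len(members) for d in range(dim)]
            new_centres.append(max(members, key=lambda i: cosine(vectors[i], mean)))
        if new_centres == centres:         # first termination condition: centres unchanged
            break
        centres = new_centres
        labels = assign(centres)           # re-execute the third-similarity assignment
    return labels, centres


def select_candidates(description: Vector, vectors: List[Vector], labels: List[int],
                      category_threshold: Dict[int, float]) -> List[int]:
    """Steps 401-402: keep a candidate only if its first similarity with the requirement
    description is not lower than the threshold of the category it belongs to."""
    selected = []
    for i, v in enumerate(vectors):
        target_threshold = category_threshold[labels[i]]      # Step 401
        if cosine(description, v) >= target_threshold:        # Step 402
            selected.append(i)
    return selected


# Constructed sample: six security requirements of one model dimension as 3-d vectors,
# forming two obvious groups, plus one requirement description vector.
CANDIDATES: List[Vector] = [
    [1.0, 0.1, 0.0], [0.9, 0.2, 0.1], [1.0, 0.0, 0.1],   # group 1
    [0.0, 1.0, 0.1], [0.1, 0.9, 0.0], [0.0, 1.0, 0.2],   # group 2
]
DESCRIPTION: Vector = [0.95, 0.15, 0.05]
# Assumed per-category similarity thresholds, keyed by category label.
THRESHOLDS: Dict[int, float] = {0: 0.99, 1: 0.80}


def demo() -> Tuple[List[int], List[int], List[int]]:
    labels, centres = cluster_requirements(CANDIDATES, k=2)
    return labels, centres, select_candidates(DESCRIPTION, CANDIDATES, labels, THRESHOLDS)


if __name__ == "__main__":
    print(demo())   # ([0, 0, 0, 1, 1, 1], [0, 3], [0, 1])
```

The point the screening makes visible: candidate 2 has a first similarity of about 0.987 with the description, which would pass a single global threshold of 0.9, but is dropped because the threshold of its own category is 0.99; a category-specific threshold is what lets the screening be finer than one dimension-wide cut.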
  • the operation of obtaining the first similarity between the requirement description and each candidate security requirement may include the following steps:
  • Step 501 Obtain a first text vector corresponding to each of the to-be-selected security requirements and a second text vector corresponding to the requirement description.
  • Step 502 Determine a first similarity between the requirement description and each of the security requirements to be selected based on the second text vector and the first text vector corresponding to each of the security requirements to be selected.
  • the above-mentioned text vector is a vector that represents the semantics or topic of a text. Therefore, the embodiment of the present application obtains the first text vector of each candidate security requirement and the second text vector of the requirement description, and then calculates the similarity between them.
  • the first text vector and the second text vector can be calculated with a text vector algorithm (for example, doc2vec).
  • FIG3 is a schematic diagram of text vector calculation provided by an embodiment of the present application. As shown in FIG3, the text of each candidate security requirement and of the requirement description is input into a word segmenter to obtain the word segmentation result of each text as token ids, and the token ids are then used as input to a vector mapping function (nn.Embedding) to obtain the text vector.
  • the first similarity can be obtained by calculating the cosine similarity between the first text vector and the second text vector.
  • cosine similarity measures the similarity of two vectors by the cosine of the angle between them: the cosine of a 0-degree angle is 1, the cosine of any other angle is not greater than 1, and the minimum value is -1, so the cosine of the angle indicates whether the two vectors point in roughly the same direction. In the embodiment of the present application this gives the degree of similarity between each candidate security requirement and the topic or semantics of the requirement description.
  • in this way the first similarity between the requirement description and each candidate security requirement is determined.
  • in this way the semantic representation of the candidate security requirements and of the requirement description is obtained, so that the first similarity is calculated from text vectors, which improves the accuracy of the first similarity.
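The FIG3 pipeline (word segmenter, token ids, embedding lookup, cosine similarity) as an added example; this is illustrative code, not the patent's own implementation. In place of a trained doc2vec model or learned nn.Embedding weights it assumes a small constructed embedding table in which every vocabulary word maps to the row of its topic, and it assumes mean-pooling of the token rows into one document vector; the vocabulary, the rows and the sample texts are all constructed.

```python
import math
import re
from typing import Dict, List

# Constructed embedding table standing in for doc2vec / nn.Embedding weights: each vocabulary
# word maps to its topic's row, so texts about the same topic get nearby vectors.
TOPIC_ROWS: Dict[str, List[float]] = {
    "confidentiality": [1.0, 0.0, 0.0, 0.1],
    "authentication":  [0.0, 1.0, 0.0, 0.1],
    "auditing":        [0.0, 0.0, 1.0, 0.1],
}
WORD_TOPIC: Dict[str, str] = {
    "encrypt": "confidentiality", "encrypted": "confidentiality", "tls": "confidentiality",
    "password": "authentication", "authenticate": "authentication", "login": "authentication",
    "audit": "auditing", "log": "auditing", "record": "auditing",
}
VOCAB: Dict[str, int] = {word: idx for idx, word in enumerate(WORD_TOPIC)}
EMBEDDING: List[List[float]] = [TOPIC_ROWS[WORD_TOPIC[word]] for word in WORD_TOPIC]
UNK = len(EMBEDDING)                       # id for out-of-vocabulary tokens
EMBEDDING.append([0.0, 0.0, 0.0, 0.1])     # neutral row, so unknown words carry no topic


def word_segmenter(text: str) -> List[int]:
    """Word segmentation step of FIG3: text -> list of token ids."""
    return [VOCAB.get(tok, UNK) for tok in re.findall(r"[a-z0-9]+", text.lower())]


def text_vector(ids: List[int]) -> List[float]:
    """Vector mapping step of FIG3: look up each id's embedding row and mean-pool the rows
    into one document vector (the pooling is an assumption; doc2vec infers the vector)."""
    dim = len(EMBEDDING[0])
    if not ids:                            # empty text: zero vector, cosine() returns 0.0 for it
        return [0.0] * dim
    rows = [EMBEDDING[i] for i in ids]
    return [sum(row[d] for row in rows) / len(rows) for d in range(dim)]


def cosine(a: List[float], b: List[float]) -> float:
    """Cosine of the angle between two vectors; 1 means the same direction."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def first_similarities(description: str, candidates: List[str]) -> List[float]:
    """First similarity between the requirement description (second text vector)
    and each candidate security requirement (first text vectors)."""
    second = text_vector(word_segmenter(description))
    return [cosine(second, text_vector(word_segmenter(c))) for c in candidates]


# Constructed sample texts.
DESCRIPTION = "Data sent to the server must be encrypted with TLS"
CANDIDATES = [
    "Encrypt traffic with TLS",
    "Authenticate every login with a strong password",
    "Record an audit log of every administrative action",
]

if __name__ == "__main__":
    for text, sim in zip(CANDIDATES, first_similarities(DESCRIPTION, CANDIDATES)):
        print(f"{sim:.3f}  {text}")
```

Only the candidate about the same topic as the description scores high (about 0.96); the other two stay near 0.1, because the neutral row shared by unknown words is the only thing their vectors have in common with the description. With a learned model the rows would come from the reference data rather than from a hand-built table, but the segmenter-ids-embedding-cosine flow is the same.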
  • the above-mentioned operation of dividing the executable reference security data based on the STRIDE model may specifically include the following steps:
  • Step 601 Obtain semantic information of each piece of security data contained in the reference security data.
  • Step 602 For any piece of the security data, the semantic information of the security data is used as the input of the STRIDE model, and the STRIDE model divides the security data into corresponding model dimensions according to the semantic information.
  • the above-mentioned semantic information can represent the meaning expressed by each piece of security data.
  • the semantic information of each piece of security data can be obtained through a preset text semantic extraction model or text semantic extraction algorithm; the embodiments of the present application are not limited in this respect.
  • the reference security data is often a whole paragraph of text.
  • therefore, the embodiment of the present application can split the reference security data into multiple pieces of security data.
  • the reference security data can also be pre-processed and converted into a specified format, where the specified format can be the TXT format, to facilitate subsequent calculation and analysis.
  • the STRIDE model is a model that can classify data according to the STRIDE method, and it can be pre-built. Specifically, the STRIDE model can determine from the semantic information which type of threat each piece of security data is aimed at, that is, which model dimension of threat it is used to resolve, and assign it to the corresponding model dimension. Different model dimensions correspond to different threat types, so the division of the security data is achieved.
  • the above division of security data may also be performed by receiving input from staff, where the input indicates the model dimension to which each piece of security data belongs.
  • in summary, the semantic information of each piece of security data contained in the reference security data is obtained; for any piece of the security data, its semantic information is used as the input of the STRIDE model, which divides the security data into the corresponding model dimension according to the semantic information. In this way, by dividing the reference security data through the STRIDE model, security data conforming to the STRIDE model dimensions is obtained, which facilitates the subsequent similarity matching with requirement descriptions under the different model dimensions and improves the matching accuracy.
  • the operation of obtaining the requirement description set may include the following steps:
  • Step 701 Obtain threat information of each process in the process to be processed.
  • Step 702 For any of the processes, determine a requirement description corresponding to the process according to the threat information.
  • Step 703 For any of the requirement descriptions, the semantic information of the requirement description is used as the input of the STRIDE model, and the STRIDE model divides the requirement description into corresponding model dimensions according to the semantic information.
  • the above-mentioned process to be processed refers to the business process for which the target security requirement set needs to be generated, and the business process can be the process designed for the software to be developed during the software design phase.
  • the above-mentioned threat information refers to the threats that may exist during the actual execution of each process; they may be external or internal, have destructive consequences for the system or software, and may cause downtime or leakage of sensitive information, among other effects. Therefore, the embodiment of the present application can identify in advance the threat information existing in the process to be processed.
  • for each identified threat, corresponding suggestion information can also be generated, where the suggestion information refers to operation steps added to the process to resolve the corresponding threat.
  • the embodiment of the present application can then use the above threat information together with the suggestion information as the requirement description, or directly use either the threat information or the suggestion information as the requirement description.
  • the embodiment of the present application is not limited in this respect. Specifically, the above threat information and requirement descriptions can be obtained through a threat modeling tool.
  • the STRIDE model is a model that can classify data according to the STRIDE method, and it can be pre-built. Specifically, since the semantic information represents the meaning expressed by each requirement description, the STRIDE model can determine from that semantic information which type of threat each requirement description needs to resolve, that is, which model dimension the threat belongs to, and assign the requirement description to the corresponding model dimension. Different model dimensions correspond to different threat types, so the division of the requirement descriptions is achieved.
  • in summary, the threat information existing in each process of the process to be processed is obtained; for any of the processes, the requirement description corresponding to the process is determined according to the threat information; and for any of the requirement descriptions, the semantic information of the requirement description is used as the input of the STRIDE model, which divides the requirement description into the corresponding model dimension according to the semantic information.
  • the model dimensions include impersonation, tampering, repudiation, information leakage, denial of service, and privilege escalation.
  • the above-mentioned impersonation refers to an attacker's attempt to obtain access rights by using false identity information.
  • the above-mentioned tampering refers to an attacker's malicious modification of data without authorization, for example modifying communication data.
  • the above-mentioned repudiation refers to an attacker denying having performed a certain operation or business, whether in a compliant or non-compliant manner.
  • the above-mentioned information leakage refers to the accidental disclosure of private data, for example a user being able to view unauthorized data or content.
  • the above-mentioned denial of service refers to causing the system, software or application to become unavailable, for example an attacker consuming all available resources of the system by sending a large number of requests to the server, so that the system is unavailable.
  • the above-mentioned privilege escalation refers to a user with limited privileges obtaining privileges for other operations, for example an attacker taking over a process or account with higher privileges and trust.
  • the above-mentioned model dimensions include various threat types that may exist in system applications.
  • the embodiment of the present application can determine the target security requirement set corresponding to the requirement description from the perspective of various types of threats by dividing the requirement description and the reference security data into the above-mentioned model dimensions, thereby ensuring that the generated target security requirement set can meet the actual security requirements, so that the security functions developed by developers according to the target security requirement set can effectively avoid the threats of the above-mentioned different model dimensions.
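The division of reference security data (Steps 601-602) and of requirement descriptions (Steps 701-703) into the six model dimensions, as one added example that covers both passages; this is illustrative code, not the patent's own implementation. In place of the pre-built STRIDE model and the text semantic extraction model it assumes a constructed cue-word table and plain text normalisation; splitting the reference paragraph at sentence boundaries, building the requirement description from threat and suggestion information, and leaving an item with no matching cue for staff input are the behaviours the text describes. The reference paragraph, threat information and suggestion information are constructed samples.

```python
import re
from typing import Dict, List, Optional, Tuple

# The six model dimensions named in the text.
DIMENSIONS = ("impersonation", "tampering", "repudiation",
              "information_leakage", "denial_of_service", "privilege_escalation")

# Constructed cue-word table standing in for the pre-built STRIDE model: a dimension scores
# one point per cue that occurs in the semantic information. Cues are chosen not to overlap.
CUES: Dict[str, Tuple[str, ...]] = {
    "impersonation":        ("identity", "impersonat", "authenticat", "credential"),
    "tampering":            ("tamper", "integrity", "checksum", "unauthorized modif"),
    "repudiation":          ("repudiat", "audit log", "non-repudiation"),
    "information_leakage":  ("leak", "disclos", "encrypt"),
    "denial_of_service":    ("unavailab", "flood", "rate limit", "exhaust"),
    "privilege_escalation": ("privilege", "escalat"),
}


def semantic_information(text: str) -> str:
    """Stand-in for the text semantic extraction model (Step 601): normalised lowercase text."""
    return " ".join(text.lower().split())


def stride_dimension(semantics: str) -> Optional[str]:
    """Steps 602 / 703: map semantic information to the model dimension whose threat type it
    addresses. Returns None when no cue matches, i.e. the item is left for staff input."""
    scores = {dim: sum(semantics.count(cue) for cue in cues) for dim, cues in CUES.items()}
    best = max(DIMENSIONS, key=lambda dim: scores[dim])
    return best if scores[best] > 0 else None


def split_reference_data(paragraph: str) -> List[str]:
    """The reference security data is usually one paragraph; split it into one item per sentence."""
    return [s.strip() for s in re.split(r"(?<=[.;])\s+", paragraph.strip()) if s.strip()]


def partition_by_dimension(items: List[str]) -> Dict[str, List[str]]:
    """Build the reference security requirement set: security requirements grouped per dimension."""
    grouped: Dict[str, List[str]] = {dim: [] for dim in DIMENSIONS}
    grouped["unclassified"] = []           # items with no cue, to be assigned by staff
    for item in items:
        dim = stride_dimension(semantic_information(item))
        grouped[dim or "unclassified"].append(item)
    return grouped


def requirement_description(threat_info: str, suggestion_info: Optional[str] = None) -> str:
    """Step 702: the description is the threat information, optionally with the suggestion."""
    return threat_info if suggestion_info is None else f"{threat_info} {suggestion_info}"


def candidate_requirements(description: str, reference_set: Dict[str, List[str]]) -> List[str]:
    """Only reference requirements of the description's own model dimension are candidates."""
    dim = stride_dimension(semantic_information(description))
    return list(reference_set[dim]) if dim else []


# Constructed reference security data (one paragraph) and threat information of one process.
REFERENCE_SECURITY_DATA = (
    "All configuration files must be protected by an integrity checksum. "
    "Administrative actions must be written to an audit log so that no operation can be repudiated. "
    "Secrets must be encrypted at rest to prevent disclosure. "
    "The API must enforce rate limiting to stay available under request floods. "
    "Service accounts must run with least privilege. "
    "Sessions must be bound to an authenticated identity."
)
THREAT_INFO = "An attacker could tamper with the deployment script without detection."
SUGGESTION_INFO = "Verify the script before it is executed."


def demo() -> Tuple[List[Optional[str]], List[str]]:
    items = split_reference_data(REFERENCE_SECURITY_DATA)
    dims = [stride_dimension(semantic_information(i)) for i in items]
    reference_set = partition_by_dimension(items)
    desc = requirement_description(THREAT_INFO, SUGGESTION_INFO)
    return dims, candidate_requirements(desc, reference_set)


if __name__ == "__main__":
    print(demo())
```

The six sentences land one per dimension, and the tampering description is compared only with the one tampering requirement: the other five never enter the similarity calculation, which is the restriction the text relies on to raise matching accuracy. A description with no recognisable cue yields no candidates instead of a wrong dimension, leaving it for the manual assignment path the text allows.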
  • FIG4 is a schematic diagram of a scenario provided by an embodiment of the present application.
  • the software development life cycle (System Development Life Cycle, SDLC) is shown, which may include problem definition, feasibility analysis, overall description, system design, coding, debugging and testing, acceptance and operation, maintenance and upgrade to abandonment, among which the design stage is an important stage for the overall design of the software system based on the requirements analysis results.
  • completing the overall security solution design in the design stage in advance gives both developers and security personnel greater flexibility to eliminate security threats in advance and avoid passive defense such as patching afterwards. It also helps to reduce the cost of development and later maintenance.
  • potential threats are eliminated through security design, and security testing and verification are conducted in the testing phase, forming a design-implementation-verification closed loop. Most security threats can be discovered through threat modeling.
  • the embodiment of this application introduces a threat modeling process based on the STRIDE model during the development and design phase, using historically accumulated attack cases as a data set to identify potential security vulnerabilities and security threats in the system and determine the severity of each threat. Then, corresponding security requirements are generated to guide subsequent development and testing, so that potential problems can be discovered and resolved as early as possible to prevent later vulnerabilities from causing online problems.
  • FIG5 is a flowchart of another method for generating security requirements based on the STRIDE model provided in an embodiment of the present application. As shown in FIG5 , the method may include:
  • Step 211 Generate a basic threat list.
  • the above basic threat list refers to the above requirement description set, which can be classified according to impersonation, tampering, repudiation, information leakage, denial of service and privilege escalation.
  • Step 212 Acquire historical security requirement data as reference security data.
  • Step 213 Classify according to impersonation, tampering, repudiation, information leakage, denial of service and privilege escalation to obtain a reference security requirement set.
  • Step 214 Calculate the text vector of each reference security requirement.
  • doc2vec can be used for calculation.
  • Step 215 Calculate the text similarity between the reference security requirements using cosine similarity.
  • Step 216 Cluster the reference security requirements.
  • clustering can be performed using the k-means algorithm.
  • Step 217 Determine the similarity between the basic threat description and the clustered security requirements through cosine similarity.
  • Step 218 Output the security requirements that exceed the similarity threshold to obtain a target security requirement list.
  • the security requirement generation method based on the STRIDE model proposed in the embodiment of the present application can obtain the similarity between the requirement description and the security requirement to be selected under the same model dimension according to the model dimension, thereby improving the accuracy of the similarity calculation.
  • the target security requirement corresponding to the requirement description is selected through the similarity between the requirement description and the security requirement to be selected, and a target security requirement set is generated. This can meet the requirements in the requirement description set without the need for manual editing of security requirements.
  • Security requirements that meet the requirements can be selected based on the similarity, thereby improving the efficiency of generating the target security requirement set, and obtaining a relatively comprehensive list of security requirements through basic threat information.
  • FIG6 is a structural block diagram of a security requirement generation device 80 based on a STRIDE model provided in an embodiment of the present application. As shown in FIG6 , the device may include:
  • a requirement description acquisition module 801 is used to acquire a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension, and the requirement description set is obtained based on the STRIDE model division;
  • a security data partitioning module 802 is used to partition executable reference security data based on the STRIDE model to obtain a reference security requirement set; the reference security requirement set includes security requirements corresponding to each of the model dimensions;
  • a first similarity acquisition module 803 is used to acquire, for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement;
  • the candidate security requirement is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description;
  • a selection module 804 is used to select a candidate security requirement corresponding to the requirement description as a target security requirement based on a first similarity between the requirement description and each candidate security requirement;
  • the target security requirement set generating module 805 is used to generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  • the device 80 further comprises:
  • a classification module for classifying, for any of the model dimensions, the security requirements in the reference security requirements set corresponding to the model dimension, to obtain security requirements of different categories under the model dimension; any category of security requirements includes a central requirement;
  • the selection module 804 is specifically used for:
  • the target central requirement is a central requirement in a category under the model dimension corresponding to the selected security requirement
  • a candidate security requirement corresponding to the requirement description is selected.
  • the classification module is specifically used to:
  • the selection module 804 is further configured to:
  • the candidate security requirement is determined as the candidate security requirement corresponding to the requirement description.
  • the first similarity acquisition module is specifically used to:
  • a first similarity between the requirement description and each of the candidate security requirements is determined.
  • the security data partitioning module 802 is specifically used to:
  • the semantic information of the security data is used as the input of the STRIDE model, and the STRIDE model divides the security data into corresponding model dimensions according to the semantic information.
  • the requirement description acquisition module 801 is specifically used to:
  • the semantic information of the requirement description is used as the input of the STRIDE model, and the STRIDE model divides the requirement description into corresponding model dimensions according to the semantic information.
  • the model dimensions include impersonation, tampering, repudiation, information leakage, denial of service, and privilege escalation.
  • the embodiment of the present application obtains a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension, and the requirement description set is obtained based on the STRIDE model; based on the STRIDE model, executable reference security data is divided to obtain a reference security requirement set; the reference security requirement set includes security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement is obtained; the candidate security requirement is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description; based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description is selected as a target security requirement; and a target security requirement set is generated based on the target security requirements corresponding to each of the requirement descriptions.
  • the first similarity between the requirement description and the candidate security requirement under the same model dimension can be obtained according to the model dimension, thereby improving the accuracy of the first similarity calculation.
  • the target security requirement corresponding to the requirement description is selected through the first similarity between the requirement description and the candidate security requirement, and a target security requirement set is generated.
  • the obtained target security requirement is consistent with the requirement description, and there is no need to manually edit the security requirement. Only the security requirement that meets the requirements can be selected according to the first similarity, thereby improving the efficiency of generating the target security requirement set.
  • an electronic device is also provided, including a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
  • the memory is used to store a computer program;
  • the processor is used to perform any of the above methods when executing the program stored in the memory.
  • a computer-readable storage medium stores instructions. When the instructions are executed on a computer, the computer performs any of the methods described in the above embodiments.
  • a computer program product including instructions is also provided, which, when executed on a computer, enables the computer to perform any of the methods described in the above embodiments.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a server, data center, etc. that includes one or more available media integrated therein.
  • the available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid state disk (SSD)).

Abstract

Embodiments of the present application relate to the technical field of computers, and provide a security requirement generation method and apparatus based on a STRIDE model, an electronic device and a medium. The method comprises: obtaining a requirement description set, wherein the requirement description set is obtained by dividing on the basis of a STRIDE model; on the basis of the STRIDE model, dividing executable reference security data to obtain a reference security requirement set; for any requirement description in the requirement description set, obtaining a first similarity between the requirement description and each security requirement to be selected; on the basis of the first similarity between the requirement description and each security requirement to be selected, selecting a security requirement to be selected corresponding to the requirement description as a target security requirement; and generating a target security requirement set on the basis of target security requirements corresponding to requirement descriptions. In this way, the security requirement does not need to be manually edited, and the security requirement meeting requirements is selected according to the first similarity, thereby improving the efficiency of generating the target security requirement set.

Description

基于STRIDE模型的安全需求生成方法、装置、电子设备及介质Security requirement generation method, device, electronic device and medium based on STRIDE model
相关申请的交叉引用CROSS-REFERENCE TO RELATED APPLICATIONS
本申请要求于2023年2月13日提交中国专利局,申请号为202310106093.5,申请名称为“基于STRIDE模型的安全需求生成方法、装置、电子设备及介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to a Chinese patent application filed with the China Patent Office on February 13, 2023, with application number 202310106093.5 and application name “Security Requirements Generation Method, Device, Electronic Device and Medium Based on STRIDE Model”, all contents of which are incorporated by reference in this application.
技术领域Technical Field
本申请涉及计算机技术领域,特别是涉及一种基于STRIDE模型的安全需求生成方法、装置、电子设备及介质。The present application relates to the field of computer technology, and in particular to a method, device, electronic device and medium for generating security requirements based on a STRIDE model.
背景技术Background Art
随着计算机技术的逐渐发展,各种系统或应用受到的威胁数量在逐渐增加,而为了提前消除安全威胁,通常是在系统或应用的开发阶段进行安全方案设计,相应地,需要基于安全需求进行安全方案设计。With the gradual development of computer technology, the number of threats to various systems or applications is gradually increasing. In order to eliminate security threats in advance, security solutions are usually designed during the development phase of the system or application. Accordingly, security solutions need to be designed based on security requirements.
现有技术中,往往是由相关工作人员按照工作经验进行人工编辑,得到安全需求,生成安全需求的效率较低。In the prior art, security requirements are often obtained by manual editing by relevant staff based on their work experience, and the efficiency of generating security requirements is low.
发明内容Summary of the invention
本申请实施例的目的在于提供一种基于STRIDE模型的安全需求生成方法、装置、电子设备及介质,以解决上述问题。具体技术方案如下:The purpose of the embodiments of the present application is to provide a method, device, electronic device and medium for generating security requirements based on the STRIDE model to solve the above problems. The specific technical solution is as follows:
在本申请实施的第一方面,首先提供了一种基于STRIDE模型的安全需求生成方法,该方法可以包括:In a first aspect of the implementation of the present application, a method for generating security requirements based on the STRIDE model is first provided, and the method may include:
获取需求描述集,所述需求描述集包括与各模型维度对应的需求描述,所述需求描述集基于所述STRIDE模型划分得到;Obtaining a requirement description set, the requirement description set including requirement descriptions corresponding to each model dimension, the requirement description set being obtained based on the division of the STRIDE model;
基于所述STRIDE模型对可执行的参照安全数据进行划分,得到参照安全需求集;所述参照安全需求集包括与各所述模型维度对应的安全需求;Based on the STRIDE model, executable reference security data is divided to obtain a reference security requirement set; the reference security requirement set includes security requirements corresponding to each of the model dimensions;
对于所述需求描述集中的任一需求描述,获取所述需求描述与各待选安全需求之间的第一相似度;所述待选安全需求是所述参照安全需求集中对应的模型维度与所述需求描述对应的模型维度相一致的安全需求;For any requirement description in the requirement description set, obtaining a first similarity between the requirement description and each security requirement to be selected; the security requirement to be selected is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description;
基于所述需求描述与各待选安全需求之间的第一相似度,选取与所述需求描述对应的待选安全需求,作为目标安全需求;Based on a first similarity between the requirement description and each candidate security requirement, selecting a candidate security requirement corresponding to the requirement description as a target security requirement;
基于各所述需求描述对应的目标安全需求生成目标安全需求集。A target security requirement set is generated based on the target security requirements corresponding to each of the requirement descriptions.
In a second aspect of the implementation of the present application, a security requirement generation apparatus based on a STRIDE model is provided, and the apparatus may include:
a requirement description acquisition module, configured to acquire a requirement description set, the requirement description set including requirement descriptions corresponding to the respective model dimensions and being obtained by partitioning according to the STRIDE model;
a security data partitioning module, configured to partition the executable reference security data based on the STRIDE model to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions;
a first similarity acquisition module, configured to acquire, for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description;
a selection module, configured to select, based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description as a target security requirement; and
a target security requirement set generation module, configured to generate a target security requirement set based on the target security requirements corresponding to the respective requirement descriptions.
In a third aspect of the implementation of the present application, an electronic device is further provided, including a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;
the memory is configured to store a computer program; and
the processor is configured to perform the method described in the first aspect when executing the program stored in the memory.
In a fourth aspect of the implementation of the present application, a computer-readable storage medium is further provided, the computer-readable storage medium storing instructions which, when run on a computer, cause the computer to perform the method described in the first aspect.
In a fifth aspect of the implementation of the present application, a computer program product containing instructions is further provided which, when run on a computer, causes the computer to perform any of the methods described in the first aspect.
In the embodiments of the present application, a requirement description set is obtained, the requirement description set including requirement descriptions corresponding to the respective model dimensions and being partitioned according to the STRIDE model; the executable reference security data is partitioned according to the STRIDE model to obtain a reference security requirement set including security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement is obtained, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description; based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description is selected as a target security requirement; and a target security requirement set is generated from the target security requirements corresponding to the respective requirement descriptions. In this way, because both the requirement description set and the reference security requirement set are partitioned according to the STRIDE model, the first similarity between a requirement description and the candidate security requirements is computed within one and the same model dimension, which improves the accuracy of the first similarity calculation. At the same time, selecting the target security requirement for each requirement description by its first similarity and generating the target security requirement set yields target security requirements that are consistent with the requirement descriptions, with no need to edit security requirements manually: a security requirement that satisfies the requirement is simply selected according to the first similarity, which improves the efficiency of generating the target security requirement set.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to describe the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below.
FIG. 1 is a flowchart of the steps of a security requirement generation method based on a STRIDE model provided in an embodiment of the present application;
FIG. 2 is a schematic diagram of a clustering operation provided in an embodiment of the present application;
FIG. 3 is a schematic diagram of a text vector calculation provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of a scenario provided in an embodiment of the present application;
FIG. 5 is a flowchart of the steps of another security requirement generation method based on a STRIDE model provided in an embodiment of the present application;
FIG. 6 is a structural block diagram of a security requirement generation apparatus based on a STRIDE model provided in an embodiment of the present application.
DETAILED DESCRIPTION
The technical solutions in the embodiments of the present application are described below with reference to the drawings in the embodiments of the present application.
FIG. 1 is a flowchart of the steps of a security requirement generation method based on a STRIDE model provided in an embodiment of the present application. As shown in FIG. 1, the method may include the following steps:
Step 101: Obtain a requirement description set, the requirement description set including requirement descriptions corresponding to the respective model dimensions and being obtained by partitioning according to the STRIDE model.
The requirement description set is a set of requirement descriptions and may take the form of a list. A requirement description refers to the attack information that may exist for a business process designed in the design phase of software development, together with the protective operations that need to be performed against that attack information; that is, a requirement description may include a threat description and a suggestion description, usually in text form, and the threat descriptions and suggestion descriptions usually correspond one to one. The business process may be designed for a World Wide Web (WEB) system or for host-type software; the embodiments of the present application do not limit the type of software.
The STRIDE model is a threat modelling method that divides threats into six model dimensions: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Accordingly, the embodiments of the present application can classify the requirement descriptions according to the dimensions of the STRIDE model to obtain requirement descriptions corresponding to the different dimensions. In some embodiments, the requirement descriptions of different dimensions can further be divided into different subsets according to the model dimension to which each requirement description belongs, so that the requirement description set may contain one subset per model dimension.
Specifically, the embodiments of the present application can obtain the requirement description set through a threat modeling tool whose core is the STRIDE modelling method. The designed business process is input into the threat modeling tool, which identifies the threats that may exist in each process and generates corresponding suggestions for them, so that the requirement description set can be obtained from the generated threats and suggestions.
Step 102: Based on the STRIDE model, partition the executable reference security data to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions.
The executable reference security data refers to security requirement data that is confirmed to be usable as a reference for software development. It may consist of the security requirements of historical software development projects or of reference security requirements obtained directly from the Internet; these are usually security requirements that have served as references for developers in other software development processes, which is why the reference security data is confirmed to be executable. Compared with the suggestion description in a requirement description, it is usually more detailed and can give developers a more accurate and fine-grained reference. A security requirement here refers to a development requirement raised in the design phase to ensure the security of the designed software or system in every respect (for example, the security of servers and data, the security of information transmission between servers and users, and the security of the application client and its environment); developers complete the development or design of the security functions of the system or software with reference to the security requirements.
The reference security data usually contains a large amount of security requirement data providing references in different respects, and the model dimension of each item of reference security data can be determined according to the role that item plays. Specifically, the reference security data is also in text form; the embodiments of the present application can determine the model dimension of each item of reference security data from its semantic description, or can obtain the model dimension of each item by receiving input from staff for the different items of reference security data. The embodiments of the present application do not limit this.
In some embodiments, the reference security data of the different dimensions can further be divided into different subsets according to the model dimension of each item, so that the reference security requirement set may contain one security requirement subset per model dimension.
Step 103: For any requirement description in the requirement description set, obtain a first similarity between the requirement description and each candidate security requirement; a candidate security requirement is a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description.
The first similarity may be the similarity between the semantics of the requirement description and the semantics of each candidate security requirement, and characterises the degree to which the requirement description and the candidate security requirement match. The higher the similarity, the higher the degree of matching, and accordingly the higher the probability that the candidate security requirement can prevent the threat in the requirement description, and the better the candidate security requirement serves as the security requirement corresponding to that requirement description.
Specifically, the first similarity may be the cosine similarity between the requirement description and the candidate security requirement; it may of course also be calculated with other similarity algorithms, which the embodiments of the present application do not limit.
Specifically, the embodiments of the present application may take, from the reference security requirement set, the security requirements whose model dimension is the same as that of the requirement description as the candidate security requirements. Since the model dimension characterises the threat dimension addressed by both the requirement description and the security requirement, the first similarity between the two can be calculated within the same threat dimension, which improves the accuracy of the similarity calculation.
Step 104: Based on the first similarity between the requirement description and each candidate security requirement, select a candidate security requirement corresponding to the requirement description as a target security requirement.
Step 105: Generate a target security requirement set based on the target security requirements corresponding to the respective requirement descriptions.
Specifically, the embodiments of the present application may select, from the candidate security requirements, the one with the highest first similarity to the requirement description as the target security requirement; alternatively, a selection threshold may be set and the candidate security requirements whose first similarity is greater than the selection threshold taken as target security requirements. This can be configured according to the actual situation and is not limited by the embodiments of the present application.
Further, after the target security requirements corresponding to the respective requirement descriptions have been obtained in step 104, the target security requirements corresponding to the different requirement descriptions can be merged into one set to obtain the target security requirement set, which completes the security requirement generation. The target security requirement set is thus the set of the generated security requirements.
In summary, in the embodiments of the present application a requirement description set is obtained, the requirement description set including requirement descriptions corresponding to the respective model dimensions and being partitioned according to the STRIDE model; the executable reference security data is partitioned according to the STRIDE model to obtain a reference security requirement set including security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement is obtained, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description; based on the first similarity between the requirement description and each candidate security requirement, a candidate security requirement corresponding to the requirement description is selected as a target security requirement; and a target security requirement set is generated from the target security requirements corresponding to the respective requirement descriptions. In this way, because both the requirement description set and the reference security requirement set are partitioned according to the STRIDE model, the first similarity between a requirement description and the candidate security requirements is computed within one and the same model dimension, which improves the accuracy of the first similarity calculation. At the same time, selecting the target security requirement for each requirement description by its first similarity and generating the target security requirement set yields target security requirements that are consistent with the requirement descriptions, with no need to edit security requirements manually: a security requirement that satisfies the requirement is selected according to the first similarity, which improves the efficiency of generating the target security requirement set.
In some embodiments, the embodiments of the present application may specifically include the following steps:
Step 201: For any of the model dimensions, classify the security requirements in the reference security requirement set corresponding to that model dimension to obtain security requirements of different categories under that model dimension; the security requirements of any category include a central requirement.
The security requirements of a given model dimension may correspond to different functional modules of the software, so the classification may be by the functional module to which each security requirement corresponds, placing the security requirements that correspond to the same functional module in the same category. Other classification rules may of course be set according to actual needs; the embodiments of the present application do not limit this.
Further, after the security requirements of the different categories have been obtained, a central requirement can be selected from the security requirements of each category: within one category, the similarity between any security requirement and the other security requirements is calculated, and the security requirement with the greatest similarity to the others is taken as the central requirement. Specifically, the classification and the determination of the central requirement of each category can be carried out with the K-means clustering algorithm. It can be understood that a central requirement obtained in this way is relatively close to the other security requirements of its category and is therefore a representative security requirement of that category.
The operation of selecting the candidate security requirement corresponding to the requirement description based on the first similarity between the requirement description and each candidate security requirement may, in the embodiments of the present application, specifically include the following steps:
Step 202: Obtain a second similarity between the requirement description and each target central requirement as the similarity threshold of the respective category; a target central requirement is the central requirement of a category under the model dimension corresponding to the candidate security requirements.
Step 203: Based on the first similarity between the requirement description and each candidate security requirement and the similarity threshold of each category, select the candidate security requirement corresponding to the requirement description.
Further, the embodiments of the present application can obtain, within one model dimension, the second similarity between the requirement description and the central requirement of each category. Since the central requirement of a category is a representative security requirement of that category, the second similarity of each central requirement can serve as the similarity threshold of its category under that model dimension and be used to screen the other security requirements. The second similarity may likewise be the cosine similarity between the text of the requirement description and the text of the central requirement; it may of course also be calculated with other similarity algorithms, which the embodiments of the present application do not limit.
Specifically, within one model dimension, the similarity threshold of the category to which a candidate security requirement belongs is used as the selection condition, and a candidate security requirement whose first similarity is greater than that similarity threshold is taken as a candidate security requirement corresponding to the requirement description. It can be understood that when the first similarity between a candidate security requirement and the requirement description is not greater than the corresponding similarity threshold, the candidate security requirement does not match the actual requirement of the current software or system and is therefore not taken as a candidate security requirement corresponding to the requirement description; correspondingly, when the first similarity between a candidate security requirement and the requirement description is greater than the corresponding similarity threshold, the candidate security requirement matches the actual requirement of the current software or system and is taken as a candidate security requirement corresponding to the requirement description.
In the embodiments of the present application, for any of the model dimensions, the security requirements in the reference security requirement set corresponding to that model dimension are classified to obtain security requirements of different categories under that model dimension, the security requirements of any category including a central requirement; a second similarity between the requirement description and each target central requirement is obtained as the similarity threshold of the respective category, a target central requirement being the central requirement of a category under the model dimension corresponding to the candidate security requirements; and the candidate security requirement corresponding to the requirement description is selected based on the first similarity between the requirement description and each candidate security requirement and the similarity threshold of each category. In this way, the reference security requirements under each model dimension are classified and a central requirement is determined in each category, which clusters the reference security requirements of one model dimension and simplifies the subsequent calculations. At the same time, using the similarity between the requirement description and each central requirement as the similarity threshold of the category, and screening the candidate security requirements by that threshold, further improves the match between the candidate security requirements and the requirement description and thus the accuracy of the generated target security requirement set.
In some embodiments, FIG. 2 is a schematic diagram of a clustering operation provided in an embodiment of the present application. As shown in FIG. 2, the operation of classifying the security requirements in the reference security requirement set corresponding to a model dimension to obtain security requirements of different categories under that model dimension may specifically include the following steps:
Step 301: Select a plurality of initial central requirements from the security requirements in the reference security requirement set corresponding to the model dimension as candidate central requirements; each candidate central requirement represents one of the categories.
The initial central requirements may be selected at random from the security requirements of the same model dimension. Specifically, the security requirements of the model dimension can be randomly divided into K groups and one initial central requirement randomly selected from each group, giving K initial central requirements and accordingly K categories. The value of K can be set according to actual needs; the embodiments of the present application do not limit this.
Step 302: For any security requirement among the security requirements in the reference security requirement set corresponding to the model dimension, obtain a third similarity between that security requirement and each of the candidate central requirements.
Step 303: Assign the security requirement to the category represented by the candidate central requirement with the largest third similarity.
Further, obtaining the third similarity between each of the other security requirements of the same model dimension and each candidate central requirement gives a measure of how close each security requirement is to each candidate central requirement: the greater the similarity, the closer the two. Each security requirement can therefore be assigned to the category of the candidate central requirement with which it has the largest third similarity, which achieves the clustering and yields, for each model dimension, the security requirements of the different categories and the central requirement of each category. The third similarity may likewise be the cosine similarity between the two texts; it may of course also be calculated with other similarity algorithms, which the embodiments of the present application do not limit.
Step 304: Based on the security requirements contained in each category, reselect a plurality of central requirements as the candidate central requirements, and repeat the operation of obtaining the third similarity between the security requirements and each candidate central requirement based on the new candidate central requirements until a preset termination condition is reached; then take the current candidate central requirements as the target central requirements and the current classification result as the final classification result.
Further, after all the security requirements of the model dimension have been assigned to the categories represented by the candidate central requirements, the central requirement of each category can be reselected from the security requirements currently contained in that category as the new candidate central requirement. The security requirements contained in a category include its central requirement and the other security requirements of the category apart from the central requirement.
Specifically, the reselection of the central requirements may recalculate, for the security requirements currently contained in a category, the similarity between any security requirement and the other security requirements of the category, and derive the new candidate central requirements of the different categories from it. In detail, after obtaining the similarity between a security requirement and the other security requirements of the category, the mean similarity of that security requirement to the others can be obtained: the sum of its similarities to the other security requirements is divided by the number of other security requirements. Each security requirement in the category obtains its mean similarity in this way, and the security requirement with the smallest mean similarity can be taken as the new candidate central requirement.
Further, the third similarity between each candidate central requirement and the other security requirements of the same model dimension in the reference security requirement set can be obtained once more, and the other security requirements assigned to the category of the candidate central requirement with which they have the largest third similarity.
The preset termination condition may be that the reselected candidate central requirements are identical to the previous candidate central requirements, or that the number of times candidate central requirements have been selected reaches a preset count threshold; the embodiments of the present application do not limit this. Reaching the preset termination condition indicates that the current classification result satisfies the requirements, so the current classification result is taken as the final classification result and the current candidate central requirements as the target central requirements; correspondingly, the security requirements contained in the category represented by each target central requirement are taken as the security requirements of that category.
本申请实施例中,通过从所述参照安全需求集中与所述模型维度对应的安全需求中选取多个初始中心需求,作为待选中心需求;一个待选中心需求对应表征一个所述类别;对于所述参照安全需求集中与所述模型维度对应的安全需求中的任一安全需求,获取所述安全需求与各所述待选中心需求之间的第三相似度;将所述安全需求划分至对应的第三相似度最大的待选中心需求所表征的类别;基于各类别中包含的安全需求,重新选取多个中心需求作为所述待选中心需求,并基于各所述待选中心需求重新执行所述获取所述安全需求与各所述待选中心需求之间的第三相似度的操作,直至达到预设的终止条件,将当前的各所述待选中心需求作为目标中心需求,并将当前的分类结果作为最终分类结果。这样,通过计算第三相似度可以对同一模型维度下的安全需求进行分类,将较为接近的安全需求划分至同一类别,实现聚类,从而便于在同一模型维度及同一类别下对需求描述和安全需求进行匹配,进一步提高匹配的精确性。In the embodiment of the present application, multiple initial central requirements are selected from the security requirements corresponding to the model dimension in the reference security requirement set as the central requirements to be selected; one central requirement to be selected corresponds to one category; for any security requirement in the security requirements corresponding to the model dimension in the reference security requirement set, the third similarity between the security requirement and each central requirement to be selected is obtained; the security requirement is divided into the category represented by the central requirement to be selected with the largest corresponding third similarity; based on the security requirements contained in each category, multiple central requirements are re-selected as the central requirements to be selected, and the operation of obtaining the third similarity between the security requirement and each central requirement to be selected is re-executed based on each central requirement to be selected, until the preset termination condition is reached, the current central requirements to be selected are used as the target central requirements, and the current classification result is used as the final classification result. 
In this way, by calculating the third similarity, the security requirements under the same model dimension can be classified, and the relatively close security requirements can be classified into the same category to achieve clustering, so as to facilitate the matching of the requirement description and the security requirement under the same model dimension and the same category, and further improve the accuracy of the matching.
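As an added illustration of steps 301 to 304 (not code from the patent or the applicant), the following Python block runs the described iteration over constructed two-dimensional stand-ins for text vectors: assignment by largest third similarity, reselection of each category's central requirement from the mean similarity of its members, and termination when the candidate central requirements stop changing or a round limit is reached. One assumption is labelled in the code: the reselection keeps the member with the highest mean similarity to the others (the conventional medoid choice), whereas the text above phrases it as the smallest mean similarity.

```python
"""Clustering of security requirements under one model dimension, in the
manner of steps 301-304. Added illustration, not the patent's implementation:
the vectors are constructed by hand in place of doc2vec text vectors."""
from math import sqrt


def cosine(a, b):
    """Cosine similarity between two vectors (the 'third similarity')."""
    dot = sum(x * y for x, y in zip(a, b))
    na = sqrt(sum(x * x for x in a))
    nb = sqrt(sum(y * y for y in b))
    return dot / (na * nb)


def assign_to_centers(vectors, centers):
    """Assign every requirement to the candidate central requirement with the
    largest third similarity. Returns {center_index: [member indices]}."""
    categories = {c: [] for c in centers}
    for i, v in enumerate(vectors):
        best = max(centers, key=lambda c: cosine(v, vectors[c]))
        categories[best].append(i)
    return categories


def reselect_center(vectors, members):
    """Reselect the central requirement of one category from each member's
    mean similarity to the other members. Assumption: the member with the
    highest mean similarity (the medoid) is kept; the text says 'smallest'."""
    if len(members) == 1:
        return members[0]

    def mean_sim(i):
        others = [j for j in members if j != i]
        return sum(cosine(vectors[i], vectors[j]) for j in others) / len(others)

    return max(members, key=mean_sim)


def cluster_requirements(vectors, initial_centers, max_rounds=10):
    """Iterate assignment and reselection until the candidate central
    requirements stop changing or max_rounds is hit (the two termination
    conditions named in the text). Returns (target_centers, categories)."""
    centers = sorted(initial_centers)
    categories = assign_to_centers(vectors, centers)
    for _ in range(max_rounds):
        new_centers = sorted(reselect_center(vectors, m) for m in categories.values())
        categories = assign_to_centers(vectors, new_centers)
        if new_centers == centers:
            break
        centers = new_centers
    return centers, categories


# Constructed 2-D stand-ins for the text vectors of six security requirements
# under one model dimension: three about one topic, three about another.
SAMPLE_VECTORS = [
    (1.0, 0.0), (0.9, 0.1), (1.0, 0.2),
    (0.0, 1.0), (0.1, 0.9), (0.2, 1.0),
]


def demo():
    """Start from requirements 0 and 3 as the initial central requirements."""
    return cluster_requirements(SAMPLE_VECTORS, initial_centers=[0, 3])


if __name__ == "__main__":
    print(demo())
```

With the constructed vectors the initial centres 0 and 3 are replaced after one round by requirements 1 and 4, which have the highest mean similarity to the other members of their categories, and the second round reproduces the same centres, so the iteration stops under the "reselected centres coincide" condition.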
In some embodiments, the above operation of selecting the candidate security requirement corresponding to the requirement description based on the first similarity between the requirement description and each candidate security requirement and the similarity threshold of each category may specifically include the following steps:
Step 401: For any candidate security requirement, obtain from the similarity thresholds of the categories the similarity threshold of the category to which the candidate security requirement belongs, as the target similarity threshold corresponding to that candidate security requirement.
Step 402: When the first similarity between the candidate security requirement and the requirement description is not lower than the target similarity threshold corresponding to the candidate security requirement, determine the candidate security requirement as a candidate security requirement corresponding to the requirement description.
Through the preceding steps, multiple similarity thresholds corresponding to the different categories are obtained, so in the embodiments of the present application the similarity threshold of the category in which a candidate security requirement lies can be selected as the target similarity threshold of that candidate security requirement, giving a target similarity threshold for each candidate security requirement.
Further, the first similarity between each candidate security requirement and the requirement description is compared with the target similarity threshold of that candidate security requirement, and the candidate security requirements whose first similarity is not lower than the corresponding target similarity threshold are determined as the candidate security requirements corresponding to the requirement description.
In the embodiments of the present application, for any candidate security requirement, the similarity threshold of the category to which it belongs is obtained from the similarity thresholds of the categories as the target similarity threshold corresponding to that candidate security requirement; when the first similarity between the candidate security requirement and the requirement description is not lower than that target similarity threshold, the candidate security requirement is determined as a candidate security requirement corresponding to the requirement description. In this way, selecting candidate security requirements whose first similarity is not lower than the target similarity threshold improves the match between the selected candidate security requirements and the requirement description; at the same time, taking the similarity threshold of the category to which the candidate security requirement belongs as its target similarity threshold screens the candidate security requirements within the same category of the same model dimension, which makes the screening finer-grained and further improves the accuracy of the selected candidate security requirements.
In some embodiments, the above operation of obtaining the first similarity between the requirement description and each candidate security requirement may specifically include the following steps:
Step 501: Obtain a first text vector corresponding to each candidate security requirement and a second text vector corresponding to the requirement description.
Step 502: Determine the first similarity between the requirement description and each candidate security requirement based on the second text vector and the first text vector corresponding to each candidate security requirement.
A text vector is a vector that represents the semantics or topic of a text; the embodiments of the present application therefore obtain the first text vector of each candidate security requirement and the second text vector of the requirement description separately and then compute the similarity between them.
Specifically, in the embodiments of the present application the first and second text vectors can be computed with a text vector algorithm (for example, doc2vec). FIG. 3 is a schematic diagram of text vector computation provided by an embodiment of the present application. As shown in FIG. 3, the text of each candidate security requirement and of the requirement description is fed into a tokenizer to obtain the tokens of each text (Information-Dispersal Scheme, ids), and the tokens are then used as input to a vector mapping function (nn.Embedding) to obtain the text vector.
Further, the first similarity can be obtained by computing the cosine similarity between the first text vector and the second text vector. Specifically, cosine similarity measures how similar two vectors are by the cosine of the angle between them: the cosine of a 0-degree angle is 1, the cosine of any other angle is no greater than 1, and the minimum value is -1, so the cosine of the angle between two vectors indicates whether they point in roughly the same direction. In the embodiments of the present application this yields the degree to which each candidate security requirement and the requirement description are similar in topic or semantics.
In the embodiments of the present application, the first text vector corresponding to each candidate security requirement and the second text vector corresponding to the requirement description are obtained, and the first similarity between the requirement description and each candidate security requirement is determined based on the second text vector and the first text vector of each candidate security requirement. In this way, first obtaining the text vectors of the candidate security requirements and the requirement description yields a semantic representation of both, and computing the first similarity from the text vectors improves the accuracy of the first similarity.
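As an added illustration of steps 401 to 402 and 501 to 502 together (not the patent's code), the following Python block computes text vectors with a simple bag-of-words vectoriser, which stands in for the doc2vec or nn.Embedding vectors named above, takes the second similarity between the requirement description and each category's central requirement as that category's threshold, and keeps the candidate security requirements whose first similarity is not lower than the threshold of their own category. All requirement texts and category labels are constructed for the example.

```python
"""Text-vector matching of a requirement description against candidate
security requirements (steps 401-402 and 501-502). Added illustration, not
the patent's code: the bag-of-words vectoriser stands in for doc2vec /
nn.Embedding, and every text below is constructed."""
from math import sqrt


def build_vocab(*texts):
    """Fixed vocabulary shared by all vectors, so positions line up."""
    return sorted({w for t in texts for w in t.lower().split()})


def text_vector(text, vocab):
    """Bag-of-words vector over the vocabulary (stand-in for doc2vec)."""
    words = text.lower().split()
    return [words.count(w) for w in vocab]


def cosine(a, b):
    """Cosine similarity; 0 for an all-zero vector instead of dividing by 0."""
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


def category_thresholds(description, centers, vocab):
    """Second similarity: description vs each target central requirement,
    used as the similarity threshold of that category."""
    d = text_vector(description, vocab)
    return {cat: cosine(d, text_vector(c, vocab)) for cat, c in centers.items()}


def select_candidates(description, candidates, thresholds, vocab):
    """First similarity vs each candidate; keep those not below the threshold
    of their own category. candidates is a list of (category, text)."""
    d = text_vector(description, vocab)
    chosen = []
    for cat, text in candidates:
        sim = cosine(d, text_vector(text, vocab))
        if sim >= thresholds[cat]:
            chosen.append((cat, text, round(sim, 4)))
    return chosen


# Constructed reference requirements under one model dimension, already
# clustered into two categories; CENTERS holds each category's central
# requirement and CANDIDATES the remaining members.
CENTERS = {
    "integrity": "check data integrity with checksum",
    "audit": "log all data changes",
}
CANDIDATES = [
    ("integrity", "check data integrity"),
    ("integrity", "check checksum with tool"),
    ("audit", "log data changes"),
    ("audit", "log config changes"),
]
DESCRIPTION = "check integrity of data"  # constructed requirement description


def demo():
    vocab = build_vocab(DESCRIPTION, *CENTERS.values(), *(t for _, t in CANDIDATES))
    thresholds = category_thresholds(DESCRIPTION, CENTERS, vocab)
    return thresholds, select_candidates(DESCRIPTION, CANDIDATES, thresholds, vocab)


if __name__ == "__main__":
    print(demo())
```

The per-category threshold is what makes the second "audit" candidate pass: its first similarity to the description (about 0.29) is well below the "integrity" threshold (about 0.67) but not below the "audit" threshold (0.25), which is the finer-grained screening the text describes.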
In some embodiments, the above operation of dividing the executable reference security data based on the STRIDE model may specifically include the following steps:
Step 601: Obtain the semantic information of each piece of security data contained in the reference security data.
Step 602: For any piece of security data, use the semantic information of the security data as the input of the STRIDE model, and have the STRIDE model assign the security data to the corresponding model dimension according to the semantic information.
The semantic information represents the meaning expressed by each piece of security data; specifically, the semantic information of each piece of security data can be obtained through a preset text semantic extraction model or text semantic extraction algorithm, which the embodiments of the present application do not limit.
Specifically, the reference security data is often a whole passage of text, and the embodiments of the present application can split it into multiple pieces of security data. Further, when the reference security data is not in a specified format, it can be preprocessed and converted into the specified format, which may be the TXT format, to facilitate subsequent computation and parsing.
Further, the STRIDE model refers to a model that classifies data according to the STRIDE method, and it can be built in advance. Specifically, from the semantic information the STRIDE model determines the type of threat that each piece of security data addresses, that is, which model dimension's threat it is meant to resolve, and assigns it to the corresponding model dimension; different model dimensions correspond to different threat types, which achieves the division of the security data.
In some embodiments, the division of the security data may also be performed by receiving input information from staff, the input information indicating the model dimension to which each piece of security data belongs.
In the embodiments of the present application, the semantic information of each piece of security data contained in the reference security data is obtained; for any piece of security data, its semantic information is used as the input of the STRIDE model, and the STRIDE model assigns the security data to the corresponding model dimension according to the semantic information. In this way, dividing the reference security data through the STRIDE model yields security data that conforms to the STRIDE model dimensions, which facilitates the subsequent similarity matching against requirement descriptions under the different model dimensions and improves matching accuracy.
In some embodiments, the above operation of obtaining the requirement description set may specifically include the following steps:
Step 701: Obtain the threat information present in each process of the flow to be processed.
Step 702: For any of the processes, determine the requirement description corresponding to that process according to the threat information.
Step 703: For any requirement description, use the semantic information of the requirement description as the input of the STRIDE model, and have the STRIDE model assign the requirement description to the corresponding model dimension according to the semantic information.
Regarding steps 701 to 703: the flow to be processed refers to the business flow for which the target security requirement set is to be generated; the business flow may be the flow designed, during the software design phase, for the software to be developed. Correspondingly, the threat information refers to threats that may arise during the actual execution of each process, whether external or internal, that would have destructive consequences for the system or software, such as downtime or leakage of sensitive information; the embodiments of the present application can therefore identify in advance the threat information present in the flow to be processed.
Further, where threat information exists, corresponding suggestion information can be generated for it, suggestion information meaning operation steps added to the process to resolve the corresponding threat. The embodiments of the present application can then use the threat information together with the suggestion information as the requirement description, or use the threat information or the suggestion information alone as the requirement description; this is not limited here. Specifically, both the threat information and the requirement description can be obtained with a threat modeling tool.
Further, the STRIDE model refers to a model that classifies data according to the STRIDE method, and it can be built in advance. Specifically, since the semantic information represents the meaning expressed by each requirement description, the STRIDE model can use the semantic information of each requirement description to determine the type of threat the requirement description is meant to resolve, that is, which model dimension's threat it addresses, and assign it to the corresponding model dimension; different model dimensions correspond to different threat types, which achieves the division of the requirement descriptions.
In the embodiments of the present application, the threat information present in each process of the flow to be processed is obtained; for any of the processes, the requirement description corresponding to that process is determined according to the threat information; for any requirement description, its semantic information is used as the input of the STRIDE model, and the STRIDE model assigns the requirement description to the corresponding model dimension according to the semantic information. In this way, obtaining the threat information and requirement descriptions of the flow to be processed allows a target security requirement set to be generated according to the actual requirements of that flow; at the same time, dividing the requirement descriptions through the STRIDE model yields requirement descriptions that conform to the STRIDE model dimensions, which facilitates the subsequent similarity matching against the reference security data under the different model dimensions and improves matching accuracy.
In some embodiments, the model dimensions include spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
Spoofing refers to an attacker attempting to obtain access by using false identity information; tampering refers to an attacker maliciously modifying data without authorization, for example modifying communication data; repudiation refers to an attacker denying, in a compliant or non-compliant manner, that it performed a certain operation or transaction; information disclosure refers to the unintended exposure of private data, for example a user being able to view data or content they are not authorized for; denial of service refers to a process that renders a system, software or application unavailable, for example an attacker sending a large number of requests to a server so that all of the system's available resources are consumed and the system becomes unavailable; and elevation of privilege refers to a user with limited privileges obtaining the privileges for other operations, for example an attacker taking over a trusted process or account with higher privileges.
It will be understood that the above model dimensions cover the threat types that may exist in a system application. By dividing the requirement descriptions and the reference security data into these model dimensions, the embodiments of the present application can determine the target security requirement set corresponding to the requirement descriptions from the perspective of each threat type, which ensures that the generated target security requirement set meets the actual security requirements, so that the security functions developers build according to the target security requirement set can effectively avert the threats of the different model dimensions.
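As an added illustration of steps 601 to 602 and 701 to 703 (not the patent's STRIDE model), the following Python block splits a constructed passage of reference security data into individual items and assigns each to one of the six model dimensions listed above. A keyword cue table stands in for the text semantic extraction model the text leaves open; an item that matches no cue is returned as None so that its model dimension can be supplied by staff input as described above.

```python
"""Assigning security data items to STRIDE model dimensions (steps 601-602
and 701-703). Added illustration, not the patent's model: the cue table is a
hand-written stand-in for a semantic extraction model, and the reference
passage is constructed."""

# Constructed cue table: lowercase substrings that hint at each dimension.
STRIDE_CUES = {
    "spoofing": ("forged identity", "impersonat", "fake credential", "authenticat"),
    "tampering": ("modif", "tamper", "integrity", "checksum"),
    "repudiation": ("deny", "repudiat", "audit log", "non-repudiation"),
    "information_disclosure": ("leak", "disclos", "unauthorized read", "expos"),
    "denial_of_service": ("flood", "exhaust", "unavailable", "rate limit"),
    "elevation_of_privilege": ("privilege", "escalat", "take over", "admin"),
}


def classify_dimension(text):
    """Return the dimension whose cues match most often, or None when no cue
    matches (the item then needs the staff input mentioned in the text)."""
    low = text.lower()
    scores = {dim: sum(cue in low for cue in cues) for dim, cues in STRIDE_CUES.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def split_reference_data(paragraph):
    """Split a passage of reference security data into one item per sentence."""
    return [s.strip() for s in paragraph.replace("\n", " ").split(".") if s.strip()]


def group_by_dimension(items):
    """Divide items into the six model dimensions plus a None bucket."""
    grouped = {dim: [] for dim in STRIDE_CUES}
    grouped[None] = []
    for item in items:
        grouped[classify_dimension(item)].append(item)
    return grouped


# Constructed passage standing in for historical security requirement data.
REFERENCE_DATA = (
    "All API requests must be authenticated with a signed token. "
    "Stored records carry a checksum so tampering is detected. "
    "Every privileged action is written to an audit log so users cannot deny it. "
    "Backups are encrypted so a lost disk does not leak customer data. "
    "Ingress is rate limited to survive request floods. "
    "Service accounts run without admin privileges. "
    "The onboarding form should have a friendly colour scheme."
)


def demo():
    return group_by_dimension(split_reference_data(REFERENCE_DATA))


if __name__ == "__main__":
    for dim, items in demo().items():
        print(dim, items)
```

The third sentence shows why the scoring counts matches rather than stopping at the first hit: it mentions a privileged action, but its two repudiation cues outweigh the single elevation-of-privilege cue, so it lands in the repudiation dimension.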
FIG. 4 is a schematic diagram of a scenario provided by an embodiment of the present application. As shown in FIG. 4, it depicts the software development life cycle (System Development Life Cycle, SDLC), which may include the stages of problem definition, feasibility analysis, overall description, system design, coding, debugging and testing, acceptance and operation, and maintenance and upgrade through to retirement. The design stage is the important stage at which the overall design of the software system is produced from the results of requirements analysis. Compared with considering security requirements only after the system has been developed, completing the overall security design during the design stage gives both developers and security staff more room to eliminate security threats ahead of time and avoid passive, after-the-fact patching, and it also helps reduce the cost of development and later maintenance. Potential threats are eliminated through security design and verified by security testing during the test phase, forming a design-implement-verify closed loop. The great majority of security threats can be discovered through threat modeling.
In order to prevent threats from seriously affecting the system, the embodiments of the present application introduce a threat modeling process based on the STRIDE model during the development and design phase, use historically accumulated attack cases as the data set, identify the potential security vulnerabilities and security threats of the system, and determine the severity of each threat. The corresponding security requirements are then generated to guide subsequent development and testing, so that potential problems are found and resolved as early as possible and later vulnerabilities that would cause production incidents are prevented.
FIG. 5 is a flowchart of the steps of another security requirement generation method based on the STRIDE model provided by an embodiment of the present application. As shown in FIG. 5, the method may include:
Step 211: Generate a basic threat list.
The basic threat list refers to the requirement description set described above, which can be classified by spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
Step 212: Obtain historical security requirement data as the reference security data.
Step 213: Classify it by spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege to obtain the reference security requirement set.
Step 214: Compute the text vector of each reference security requirement.
Specifically, doc2vec can be used for the computation.
Step 215: Compute the text similarity between the reference security requirements using cosine similarity.
Step 216: Cluster the reference security requirements.
Specifically, the clustering can be performed with the k-means algorithm.
Step 217: Judge the similarity between each basic threat description and the clustered security requirements by cosine similarity.
Step 218: Output the security requirements that exceed the similarity threshold, obtaining the target security requirement list.
It can be seen that, compared with the existing manual editing approach, the security requirement generation method based on the STRIDE model proposed in the embodiments of the present application obtains the similarity between a requirement description and the candidate security requirements within the same model dimension, which improves the accuracy of the similarity computation; at the same time, by selecting the target security requirements corresponding to a requirement description according to that similarity and generating the target security requirement set, the requirements in the requirement description set are satisfied without manual editing of security requirements, since the security requirements that meet the requirements are simply selected by similarity. This improves the efficiency of generating the target security requirement set and yields a fairly comprehensive list of security requirements from the basic threat information.
图6是本申请实施例提供的一种基于STRIDE模型的安全需求生成装置80的结构框图,如图6所示,该装置可以包括:FIG6 is a structural block diagram of a security requirement generation device 80 based on a STRIDE model provided in an embodiment of the present application. As shown in FIG6 , the device may include:
需求描述获取模块801,用于获取需求描述集,所述需求描述集包括与各模型维度对应的需求描述,所述需求描述集基于所述STRIDE模型划分得到;A requirement description acquisition module 801 is used to acquire a requirement description set, wherein the requirement description set includes requirement descriptions corresponding to each model dimension, and the requirement description set is obtained based on the STRIDE model division;
安全数据划分模块802,用于基于所述STRIDE模型对可执行的参照安全数据进行划分,得到参照安全需求集;所述参照安全需求集包括与各所述模型维度对应的安全需求;A security data partitioning module 802 is used to partition executable reference security data based on the STRIDE model to obtain a reference security requirement set; the reference security requirement set includes security requirements corresponding to each of the model dimensions;
第一相似度获取模块803,用于对于所述需求描述集中的任一需求描述,获取所述需求描述与各待选安全需求之间的第一相似度;所述待选安全需求是所述参照安全需求集中对应的模型维度与所述需求描述对应的模型维度相一致的安全需求;A first similarity acquisition module 803 is used to acquire, for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement; the candidate security requirement is a security requirement whose corresponding model dimension in the reference security requirement set is consistent with the model dimension corresponding to the requirement description;
选取模块804,用于基于所述需求描述与各待选安全需求之间的第一相似度,选取与所述需求描述对应的待选安全需求,作为目标安全需求; A selection module 804 is used to select a candidate security requirement corresponding to the requirement description as a target security requirement based on a first similarity between the requirement description and each candidate security requirement;
目标安全需求集生成模块805,用于基于各所述需求描述对应的目标安全需求生成目标安全需求集。The target security requirement set generating module 805 is used to generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
In some embodiments, the device 80 further comprises:
A classification module, configured to classify, for any of the model dimensions, the security requirements in the reference security requirement set that correspond to the model dimension, obtaining different categories of security requirements under the model dimension; each category of security requirements contains a central requirement;
The selection module 804 is specifically configured to:
obtain a second similarity between the requirement description and each target central requirement as the similarity threshold of each category; the target central requirements are the central requirements of the categories under the model dimension corresponding to the candidate security requirements;
select, based on the first similarity between the requirement description and each candidate security requirement and on the similarity threshold of each category, the candidate security requirement corresponding to the requirement description.
In some embodiments, the classification module is specifically configured to:
select a plurality of initial central requirements from the security requirements corresponding to the model dimension in the reference security requirement set as candidate central requirements, each candidate central requirement representing one of the categories;
for any security requirement among those corresponding to the model dimension in the reference security requirement set, obtain a third similarity between the security requirement and each of the candidate central requirements;
assign the security requirement to the category represented by the candidate central requirement with the largest third similarity;
based on the security requirements contained in each category, reselect a plurality of central requirements as the candidate central requirements, and re-execute the operation of obtaining the third similarity between the security requirement and each of the candidate central requirements with the new candidate central requirements, until a preset termination condition is reached; then take the current candidate central requirements as the target central requirements and the current classification result as the final classification result.
In some embodiments, the selection module 804 is further specifically configured to:
for any of the candidate security requirements, obtain, from the similarity thresholds of the categories, the similarity threshold of the category to which the candidate security requirement belongs, as the target similarity threshold corresponding to the candidate security requirement;
when the first similarity between the candidate security requirement and the requirement description is not lower than the target similarity threshold corresponding to the candidate security requirement, determine the candidate security requirement to be the candidate security requirement corresponding to the requirement description.
In some embodiments, the first similarity acquisition module is specifically configured to:
obtain a first text vector corresponding to each of the candidate security requirements and a second text vector corresponding to the requirement description;
determine, based on the second text vector and the first text vector corresponding to each candidate security requirement, the first similarity between the requirement description and each candidate security requirement.
In some embodiments, the security data partitioning module 802 is specifically configured to:
obtain the semantic information of each piece of security data contained in the reference security data;
for any piece of the security data, use the semantic information of the security data as input to the STRIDE model, and have the STRIDE model assign the security data to the corresponding model dimension according to the semantic information.
In some embodiments, the requirement description acquisition module 801 is specifically configured to:
obtain the threat information present in each process of the workflow to be processed;
for any of the processes, determine the requirement description corresponding to the process according to the threat information;
for any of the requirement descriptions, use the semantic information of the requirement description as input to the STRIDE model, and have the STRIDE model assign the requirement description to the corresponding model dimension according to the semantic information.
In some embodiments, the model dimensions include spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
In summary, the embodiments of the present application obtain a requirement description set, the requirement description set including requirement descriptions corresponding to each model dimension and being obtained by partitioning based on the STRIDE model; partition executable reference security data based on the STRIDE model to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions; for any requirement description in the requirement description set, obtain a first similarity between the requirement description and each candidate security requirement, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description; select, based on the first similarity between the requirement description and each candidate security requirement, the candidate security requirement corresponding to the requirement description as a target security requirement; and generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
In this way, because both the requirement description set and the reference security requirement set are partitioned by the STRIDE model, the first similarity between a requirement description and the candidate security requirements can be computed per model dimension, over descriptions and requirements of the same dimension, which improves the accuracy of the first similarity computation. At the same time, the target security requirement corresponding to each requirement description is chosen by that first similarity and the target security requirement set is generated from these choices, so the resulting target security requirements are consistent with the requirement descriptions and no manual editing of security requirements is needed: selecting the security requirements that satisfy the first similarity criterion suffices, which improves the efficiency of generating the target security requirement set.
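The pipeline summarized above, as an added worked example in Python. This is not code from the patent or from the applicant, and several points the text leaves open are assumptions: the "STRIDE model" is replaced by a keyword scorer (stride_dimension), the text vectors are bag-of-words term frequencies compared by cosine similarity, the first k requirements of a dimension serve as the initial central requirements, reselecting a category's central requirement picks the member with the greatest total similarity to the other members (a medoid), the termination condition is unchanged centers or a round limit, and all requirements and descriptions are constructed sample data. The example also adds one guard the text does not state: a candidate must have a positive first similarity, because a description that shares nothing with a category's central requirement produces a threshold of 0, which the "not lower than" rule alone would let every member of that category pass.

```python
import math
import re
from collections import Counter

# Stand-in for the page's "STRIDE model": the patent does not say how semantic
# information is mapped to a dimension, so this keyword scorer is an assumption.
STRIDE_KEYWORDS = {
    "Spoofing": ("authenticat", "credential", "certificate", "impersonat"),
    "Tampering": ("integrity", "signature", "modif", "checksum"),
    "Repudiation": ("audit", "logging", "repudiat"),
    "Information disclosure": ("encrypt", "confidential", "leak", "disclos"),
    "Denial of service": ("rate limit", "quota", "availability", "flood"),
    "Elevation of privilege": ("privilege", "authoriz", "role"),
}

# Constructed sample inputs, not taken from the patent. The descriptions stand for
# requirement descriptions derived from the threat information of each process.
REFERENCE_DATA = [
    "authenticate every user with multi factor authentication",
    "enforce multi factor authentication for administrator login",
    "validate server certificate before establishing tls session",
    "pin server certificate in the mobile client",
    "sign all configuration files and verify the signature before loading",
    "verify the signature of firmware images before installing them",
    "detect unauthorized modification of stored records with integrity checksums",
]
DESCRIPTIONS = [
    "require multi factor authentication for user login",
    "verify the signature of configuration files before loading",
    "record an audit trail of administrative actions",
]

def stride_dimension(text):
    """Dimension with the most keyword hits; None when no keyword matches."""
    lowered = text.lower()
    scores = {d: sum(lowered.count(k) for k in kws) for d, kws in STRIDE_KEYWORDS.items()}
    best = max(scores, key=scores.get)  # ties go to the dimension listed first
    return best if scores[best] > 0 else None

def text_vector(text):
    """Bag-of-words term frequencies (assumed stand-in for the page's text vectors)."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def cosine(u, v):
    """Cosine similarity of two sparse vectors; 0.0 if either is empty."""
    dot = sum(c * v.get(t, 0) for t, c in u.items())
    norm_u = math.sqrt(sum(c * c for c in u.values()))
    norm_v = math.sqrt(sum(c * c for c in v.values()))
    return dot / (norm_u * norm_v) if norm_u and norm_v else 0.0

def build_reference(reference_data):
    """Module 802: partition reference security data into {dimension: [requirements]}."""
    by_dim = {}
    for item in reference_data:
        dim = stride_dimension(item)
        if dim is not None:
            by_dim.setdefault(dim, []).append(item)
    return by_dim

def medoid(members, vecs):
    """Member with the greatest total similarity to the other members (first wins ties)."""
    return max(members, key=lambda m: sum(cosine(vecs[m], vecs[o]) for o in members if o != m))

def cluster_requirements(reqs, k, max_iter=100):
    """Classification module for one dimension (claims 3 and 10): the first k requirements
    are the initial candidate centers, each requirement joins the center with the largest
    third similarity, each category's center is reselected as its medoid, and the loop stops
    when the centers no longer change. Returns [(target central requirement, members), ...]."""
    vecs = {r: text_vector(r) for r in reqs}
    centers = list(reqs[:k])
    for _ in range(max_iter):
        groups = {c: [] for c in centers}
        for r in reqs:
            groups[max(centers, key=lambda c: cosine(vecs[r], vecs[c]))].append(r)
        new_centers = [medoid(groups[c], vecs) if groups[c] else c for c in centers]
        if new_centers == centers:
            break
        centers = new_centers
    return list(groups.items())

def generate_target_set(descriptions, reference_data, k=2):
    """Whole method: {requirement description: [target security requirements]}."""
    by_dim = build_reference(reference_data)
    categories = {d: cluster_requirements(r, min(k, len(r))) for d, r in by_dim.items()}
    result = {}
    for desc in descriptions:
        dim = stride_dimension(desc)
        dvec = text_vector(desc)
        # Second similarity to each target central requirement = that category's threshold.
        threshold_of = {m: cosine(dvec, text_vector(center))
                        for center, members in categories.get(dim, []) for m in members}
        targets = []
        for cand in by_dim.get(dim, []):  # candidates come from the same dimension only
            first = cosine(dvec, text_vector(cand))
            # Page rule: first similarity >= category threshold. Added guard (assumption):
            # first > 0, since a threshold of 0.0 would otherwise admit a whole category.
            if first > 0 and first >= threshold_of.get(cand, 0.0):
                targets.append(cand)
        result[desc] = targets
    return result
```

Calling generate_target_set(DESCRIPTIONS, REFERENCE_DATA) returns, for each description, only requirements from its own STRIDE dimension: the repudiation description gets an empty list because the reference set holds no repudiation requirements, the two certificate requirements are dropped from the spoofing result by the positive-similarity guard (their category's threshold is 0), and the checksum requirement is dropped from the tampering result by the threshold itself, since its similarity to the description is below that of its category's central requirement.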
In another embodiment provided by the present application, an electronic device is provided, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another via the communication bus;
the memory is configured to store a computer program;
the processor is configured to perform any of the methods described above when executing the program stored in the memory.
In another embodiment provided by the present application, a computer-readable storage medium is provided, which stores instructions that, when run on a computer, cause the computer to perform any of the methods described in the above embodiments.
In another embodiment provided by the present application, a computer program product containing instructions is provided, which, when run on a computer, causes the computer to perform any of the methods described in the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented by software, they may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave) means. The computer-readable storage medium may be any available medium accessible to a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD) or a semiconductor medium (e.g., a Solid State Disk (SSD)).
It should be noted that all processes of obtaining data in the embodiments of the present application are carried out in compliance with the data protection laws and policies of the country concerned and with the authorization of the owner of the corresponding device.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between them. Moreover, the terms "include", "comprise" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Absent further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Each embodiment in this specification is described in a correlated manner; identical or similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described relatively briefly because it is essentially similar to the method embodiment; for related details, refer to the corresponding description of the method embodiment.
The above are merely preferred embodiments of the present application and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application falls within its scope of protection.

Claims (15)

  1. A method for generating security requirements based on a STRIDE model, characterized in that the method comprises:
    obtaining a requirement description set, the requirement description set including requirement descriptions corresponding to each model dimension, the requirement description set being obtained by partitioning based on the STRIDE model;
    partitioning executable reference security data based on the STRIDE model to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions;
    for any requirement description in the requirement description set, obtaining a first similarity between the requirement description and each candidate security requirement, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description;
    selecting, based on the first similarity between the requirement description and each candidate security requirement, the candidate security requirement corresponding to the requirement description as a target security requirement;
    generating a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  2. The method according to claim 1, characterized in that the method further comprises:
    for any of the model dimensions, classifying the security requirements in the reference security requirement set that correspond to the model dimension to obtain different categories of security requirements under the model dimension, each category of security requirements containing a central requirement;
    wherein the selecting, based on the first similarity between the requirement description and each candidate security requirement, the candidate security requirement corresponding to the requirement description comprises:
    obtaining a second similarity between the requirement description and each target central requirement as the similarity threshold of each category, the target central requirements being the central requirements of the categories under the model dimension corresponding to the candidate security requirements;
    selecting, based on the first similarity between the requirement description and each candidate security requirement and on the similarity threshold of each category, the candidate security requirement corresponding to the requirement description.
  3. The method according to claim 2, characterized in that the classifying the security requirements in the reference security requirement set that correspond to the model dimension to obtain different categories of security requirements under the model dimension comprises:
    selecting a plurality of initial central requirements from the security requirements corresponding to the model dimension in the reference security requirement set as candidate central requirements, each candidate central requirement representing one of the categories;
    for any security requirement among those corresponding to the model dimension in the reference security requirement set, obtaining a third similarity between the security requirement and each of the candidate central requirements;
    assigning the security requirement to the category represented by the candidate central requirement with the largest third similarity;
    based on the security requirements contained in each category, reselecting a plurality of central requirements as the candidate central requirements, and re-executing the operation of obtaining the third similarity between the security requirement and each of the candidate central requirements with the new candidate central requirements, until a preset termination condition is reached; then taking the current candidate central requirements as the target central requirements and the current classification result as the final classification result.
  4. The method according to claim 3, characterized in that the selecting, based on the first similarity between the requirement description and each candidate security requirement and on the similarity threshold of each category, the candidate security requirement corresponding to the requirement description comprises:
    for any of the candidate security requirements, obtaining, from the similarity thresholds of the categories, the similarity threshold of the category to which the candidate security requirement belongs, as the target similarity threshold corresponding to the candidate security requirement;
    when the first similarity between the candidate security requirement and the requirement description is not lower than the target similarity threshold corresponding to the candidate security requirement, determining the candidate security requirement to be the candidate security requirement corresponding to the requirement description.
  5. The method according to claim 1, characterized in that the obtaining a first similarity between the requirement description and each candidate security requirement comprises:
    obtaining a first text vector corresponding to each of the candidate security requirements and a second text vector corresponding to the requirement description;
    determining, based on the second text vector and the first text vector corresponding to each candidate security requirement, the first similarity between the requirement description and each candidate security requirement.
  6. The method according to claim 1, characterized in that the partitioning executable reference security data based on the STRIDE model comprises:
    obtaining the semantic information of each piece of security data contained in the reference security data;
    for any piece of the security data, using the semantic information of the security data as input to the STRIDE model, and having the STRIDE model assign the security data to the corresponding model dimension according to the semantic information.
  7. The method according to claim 1, characterized in that the obtaining a requirement description set comprises:
    obtaining the threat information present in each process of the workflow to be processed;
    for any of the processes, determining the requirement description corresponding to the process according to the threat information;
    for any of the requirement descriptions, using the semantic information of the requirement description as input to the STRIDE model, and having the STRIDE model assign the requirement description to the corresponding model dimension according to the semantic information.
  8. A device for generating security requirements based on a STRIDE model, characterized in that the device comprises:
    a requirement description acquisition module, configured to obtain a requirement description set, the requirement description set including requirement descriptions corresponding to each model dimension, the requirement description set being obtained by partitioning based on the STRIDE model;
    a security data partitioning module, configured to partition executable reference security data based on the STRIDE model to obtain a reference security requirement set, the reference security requirement set including security requirements corresponding to each of the model dimensions;
    a first similarity acquisition module, configured to obtain, for any requirement description in the requirement description set, a first similarity between the requirement description and each candidate security requirement, a candidate security requirement being a security requirement in the reference security requirement set whose model dimension is consistent with the model dimension of the requirement description;
    a selection module, configured to select, based on the first similarity between the requirement description and each candidate security requirement, the candidate security requirement corresponding to the requirement description as a target security requirement;
    a target security requirement set generation module, configured to generate a target security requirement set based on the target security requirements corresponding to each of the requirement descriptions.
  9. The device according to claim 8, characterized in that the device further comprises:
    a classification module, configured to classify, for any of the model dimensions, the security requirements in the reference security requirement set that correspond to the model dimension, obtaining different categories of security requirements under the model dimension, each category of security requirements containing a central requirement;
    wherein the selection module is specifically configured to:
    obtain a second similarity between the requirement description and each target central requirement as the similarity threshold of each category, the target central requirements being the central requirements of the categories under the model dimension corresponding to the candidate security requirements;
    select, based on the first similarity between the requirement description and each candidate security requirement and on the similarity threshold of each category, the candidate security requirement corresponding to the requirement description.
  10. The device according to claim 9, characterized in that the classification module is specifically configured to:
    select a plurality of initial central requirements from the security requirements corresponding to the model dimension in the reference security requirement set as candidate central requirements, each candidate central requirement representing one of the categories;
    for any security requirement among those corresponding to the model dimension in the reference security requirement set, obtain a third similarity between the security requirement and each of the candidate central requirements;
    assign the security requirement to the category represented by the candidate central requirement with the largest third similarity;
    based on the security requirements contained in each category, reselect a plurality of central requirements as the candidate central requirements, and re-execute the operation of obtaining the third similarity between the security requirement and each of the candidate central requirements with the new candidate central requirements, until a preset termination condition is reached; then take the current candidate central requirements as the target central requirements and the current classification result as the final classification result.
  11. The device according to claim 10, characterized in that the selection module is further specifically configured to:
    for any of the candidate security requirements, obtain, from the similarity thresholds of the categories, the similarity threshold of the category to which the candidate security requirement belongs, as the target similarity threshold corresponding to the candidate security requirement;
    when the first similarity between the candidate security requirement and the requirement description is not lower than the target similarity threshold corresponding to the candidate security requirement, determine the candidate security requirement to be the candidate security requirement corresponding to the requirement description.
  12. The device according to claim 8, characterized in that the first similarity acquisition module is specifically configured to:
    obtain a first text vector corresponding to each of the candidate security requirements and a second text vector corresponding to the requirement description;
    determine, based on the second text vector and the first text vector corresponding to each candidate security requirement, the first similarity between the requirement description and each candidate security requirement.
  13. The device according to claim 8, characterized in that the security data partitioning module is specifically configured to:
    obtain the semantic information of each piece of security data contained in the reference security data;
    for any piece of the security data, use the semantic information of the security data as input to the STRIDE model, and have the STRIDE model assign the security data to the corresponding model dimension according to the semantic information.
  14. An electronic device, characterized in that it comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another via the communication bus;
    the memory is configured to store a computer program;
    the processor is configured to implement the method according to any one of claims 1 to 7 when executing the program stored in the memory.
  15. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the program is executed by a processor, the method according to any one of claims 1 to 7 is implemented.
PCT/CN2023/140017 (WO2024169388A1, en): priority date 2023-02-13, filing date 2023-12-19, title: Security requirement generation method and apparatus based on stride model, electronic device and medium

Applications Claiming Priority (2)

CN202310106093.5: priority date 2023-02-13
CN202310106093.5A (CN115809466B, en): priority date 2023-02-13, filing date 2023-02-13, title: Security requirement generation method and device based on STRIDE model, electronic equipment and medium

Publications (1)

WO2024169388A1 (en): published 2024-08-22

Family

ID=85487859

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/140017 WO2024169388A1 (en) 2023-02-13 2023-12-19 Security requirement generation method and apparatus based on stride model, electronic device and medium

Country Status (2)

Country Link
CN (1) CN115809466B (en)
WO (1) WO2024169388A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115809466B (en) * 2023-02-13 2023-04-07 天翼云科技有限公司 Security requirement generation method and device based on STRIDE model, electronic equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070199050A1 (en) * 2006-02-14 2007-08-23 Microsoft Corporation Web application security frame
CN109683854A (en) * 2018-12-21 2019-04-26 北京国舜科技股份有限公司 A kind of software security requirement analysis method and system
CN110457009A (en) * 2019-07-06 2019-11-15 天津大学 Implementation method of software security requirement recommendation model based on data analysis
US11128653B1 (en) * 2018-12-13 2021-09-21 Amazon Technologies, Inc. Automatically generating a machine-readable threat model using a template associated with an application or service
CN115809466A (en) * 2023-02-13 2023-03-17 天翼云科技有限公司 Security requirement generation method and device based on STRIDE model, electronic equipment and medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101452469B (en) * 2008-12-24 2011-03-23 天津大学 Software safety defect library system based on attack mode and management method thereof
US9571510B1 (en) * 2014-10-21 2017-02-14 Symantec Corporation Systems and methods for identifying security threat sources responsible for security events
CN109388377A (en) * 2018-10-08 2019-02-26 广西民族大学 A kind of software security requirement acquisition method based on Formal Modeling

Also Published As

Publication number Publication date
CN115809466A (en) 2023-03-17
CN115809466B (en) 2023-04-07


Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 23922504
Country of ref document: EP
Kind code of ref document: A1