关键词: J2EE, 安全性评估, 组件, 安全属性树形模型

Abstract: In order to identify potential risks of J2EE architecture and assess the implementation of J2EE security mechanisms, this paper presents a quantitative J2EE security evaluation method based on the security of components. The method focuses on efforts to architecture security mechanism through refining the security of architecture to component level and describing component security mechanism by security tree. In this process, components of J2EE architecture are classified and their security measures are identified according to the component function and J2EE level. Then, an integration process of analytic hierarchy process (AHP) and fuzzy evaluation analysis is used to consider quantitative and qualitative factors in evaluating the security of components to obtain security conclusions of architecture. The experiments show that this method can not only improve the evaluation efficiency, but also make the security evaluation process more objective and accurate.

Key words: J2EE, security evaluation, component, security tree model