| Graduate student: | 葉圻煒 Chi-Wei Yeh |
|---|---|
| Thesis title: | Design and Implementation of Ontology-based Evaluation System for Design Quality in Software Reverse Engineering: Focusing on Security |
| Advisor: | 陳仲儼 |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2019 |
| Academic year of graduation: | 107 |
| Language: | Chinese |
| Number of pages: | 83 |
| Chinese keywords: | quality evaluation, software reverse engineering, information security, ontology, UML structural model diagrams |
To keep pace with rapid change in the information era, system design is often written together with the system documents, such as Unified Modeling Language (UML) diagrams, after the code has been programmed, so that software development can be completed in a short time and market competitiveness improved. Software designers can therefore use software reverse engineering (SRE) methods to produce system documents faster and more efficiently. SRE significantly reduces the time needed to generate the documents and makes system development more efficient. Generating the analysis and design documents through SRE after the system is developed is easier, faster, and more accurate than producing the relevant documents before development, as was done in the past. SRE lets developers focus more on system development while still obtaining enough system information to support their work. From the perspective of information security, this research analyzes whether the UML diagrams produced by software reverse engineering possess a certain level of security quality. It combines STRIDE, the information security architecture proposed by Microsoft, with ontology, which is commonly used in knowledge systems, to standardize and evaluate the security quality of UML diagrams.