检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]上海交通大学信息安全工程学院,上海200240
出 处:《小型微型计算机系统》2007年第9期1554-1557,共4页Journal of Chinese Computer Systems
基 金:国家自然科学基金项目(60605019)资助
摘 要:漏洞评估技术基于防患于未然思想,采用主动探测方法发现系统存在的安全漏洞并提供相应解决方案.针对目前漏洞评估系统存在误报率高、扫描时间长且需要开发攻击代码的缺点,本文提出一种基于OVAL的新型漏洞评估系统.该系统由控制台、数据中心和检测代理3大模块组成,这三个模块协同实现漏洞评估.与现有漏洞评估系统相比,具有精度高、对目标系统性能影响小、评估时间短和可扩展性强的优点,而且免除传统漏洞评估系统所需的攻击代码开发工作.The main intention of vulnerability assessment technology is to find existed vulnerabilities hidden in the networked systems by active probing and to provide corresponding solutions before hackers exploit them. It is based on the idea of nip in the bud. The most vulnerability assessment systems have shortcomings of high false rate, long-term scanning period and Using exploit code. Aimed at these shortcomings, a novel model of vulnerability assessment based on open vulnerability assessment language is proposed in this ,paper. The proposed system consists of three modules: central console, checking agent and data center, which corporate to achieve vulnerability assessment. Compared with other vulnerability assessment systems, it is of high precision, low impact on the audited system performance, short term scanning period and strong sealability. Moreover, it avoids the work of developing exploit code required by traditional vulnerability assessment systems.
分 类 号:TP391[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.166
