Authors: Wu Caihua [1], Liu Juntao [2], Zhu Xiaodong [1], Ye Fei [1]
Affiliations: [1] Institute of Maintenance Engineering, Department 6, Ordnance Engineering College, Shijiazhuang 050003; [2] Software Engineering Teaching and Research Section, Department 5, Ordnance Engineering College, Shijiazhuang 050003
Source: Computer Science (《计算机科学》), 2009, No. 4, pp. 159-162 (4 pages)
Funding: Supported by an Eleventh Five-Year Plan national defense pre-research project (project name: Software-Intensive Equipment Support Technology; project number: 513270104)
Abstract: Security vulnerabilities in system software such as operating systems are, in essence, defects that fail to satisfy the software's security requirements. Studying the vulnerability discovery process in depth helps security testers allocate testing resources sensibly and evaluate software security more accurately. The paper analyzes the factors that influence vulnerability discovery in operating system software and concludes that the vulnerability discovery rate is directly proportional to the software's market share, the number of discovered vulnerabilities, and the number of undiscovered vulnerabilities. On this basis, a vulnerability discovery model based on market share is established. The model indicates that only a few vulnerabilities are exposed before the software is released and that some vulnerabilities will never be discovered; both conclusions are confirmed by actual data. Finally, the proposed model is used to analyze the vulnerability discovery data sets of three popular operating systems. Compared with similar models, the proposed model shows better fitting and predictive ability.
Classification: TP311.5 [Automation and Computer Technology: Computer Software and Theory]