Study of Security Metrics of Software System for Comparative Evaluation (original title: 面向对比评估的软件系统安全度量研究)    Cited by: 6

Authors: 张鑫 (Zhang Xin) [1], 顾庆 (Gu Qing) [1], 陈道蓄 (Chen Daoxu) [1]

Affiliation: [1] State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, China

Source: Computer Science (《计算机科学》), 2009, No. 9, pp. 122-126, 195 (6 pages)

Funding: National 863 Program (2006AA01Z177); Jiangsu Provincial Natural Science Foundation, Basic Research Project (BK2006115); National Natural Science Foundation of China (NSFC60873027)

Abstract: Quality of protection refers to the security objectives that a security module must meet when it performs its security processing; it is measured against specified quantitative criteria. How to evaluate objectively and effectively whether an existing software system meets its quality-of-protection requirements has become a research hotspot. At present, most practitioners in the security field rely on qualitative evaluation methods that are highly subjective, so the results depend on individual experience and are unreliable; independent, objective and quantitative security metrics are therefore needed. Addressing the complexity of security metrics and the difficulty of applying them, this paper proposes a security metrics model based on comparative evaluation, discusses the relative security of two or more software systems from the perspectives of attack surface, denial of service and attack graphs, and gives a comprehensive analysis of the evaluation process and its results.

Abstract (English, as published): Quality of protection can be seen as the security target of security modules when doing their security treatments, which can be judged by quantitative criteria. The question of how to evaluate objectively and effectively whether the current software system fulfils the quality of protection target has become one of the hotspots of research. Currently, however, most security professionals use the qualitative method for security evaluation, which is highly subjective and makes the evaluation result dependent on individual experience and thus unreliable. So what is needed are substantive and quantitative security metrics. Because of the complexity and the difficulty of implementing security metrics, a novel security evaluation model is presented in this paper, which analyzes the relative security level of given systems from the views of attack surface, denial of service and attack graph. At last, a general discussion of the process and the result of the evaluation is given.

Keywords: quality of protection; security metrics; attack surface; denial of service; vulnerability; attack graph

Classification: TP306 [Automation and Computer Technology / Computer System Architecture]
