软件结构脆弱性分析  

Analysis of Software Structure Vulnerabilities

在线阅读下载全文

作  者:苏健民[1] 许团[1] 王颖[2] 崔宝江[3] 姜岚[4] 孙维连[5] 

机构地区:[1]东北林业大学信息与计算机工程学院,黑龙江哈尔滨150040 [2]信息工程大学信息工程学院,河南郑州450002 [3]北京邮电大学计算机科学与技术学院,北京100876 [4]黑龙江省政务信息化管理服务中心,黑龙江哈尔滨150001 [5]佳木斯大学,黑龙江佳木斯154007

出  处:《电子学报》2009年第11期2403-2408,共6页Acta Electronica Sinica

基  金:国家863高技术研究发展计划(No.2007AA01Z466);国家863重点项目(No.2008AA011004)

摘  要:文章首先应用系统工程定性定量的方法,以语言性质为基础,通过语义关系量化软件的动态运行过程,在整体上以软件元素及其关系架构起软件的系统关系结构,其次对软件结构的脆弱性进行数学建模,以变异S-粗集的演算对软件运行过程的迁移特性进行分析,建立软件元素运行过程的迁移方程式组,通过推导得到软件结构的随机概率特征值,度量出软件结构的脆弱性,然后给出了软件脆弱度的主动控制方法,以及软件攻击面和可信性的计算方法,并提出制定完备编程规范的工程规则.最后测试了两个开源软件对该方法进行验证,并系统地分析了实验过程和相关数据.We present a systems engineering method to analyze software vulnerabilities. We constructed the relational structure of software systems with software elements through the function of semantic relations between them at run time,in which the dynamic operation processes of software are quantified by the semantic relations based on the common natures of languages. Using the structure, we built a mathematical model to describe the property of software transfer states during their operational processes upon calculus of variation S-rough sets. Within the model, systems of transfer equations are established to compute the transfer operation of software elements,from which we deduced the stochastic-probability eigenvalues of software structures to certain constants. By analyzing software structures' vulnerabilities, we dealt with the derivation of fonnulas that calculate attack surface and measure software credibility, and proposed rules to control software vulnerabilities actively and develop programming specifications completely. To verify the methodology this paper presents, two open source software were tested, and experimental data were analyzed systematically.

关 键 词:脆弱性 关系结构 系统工程 迁移方程组 编程规则 

分 类 号:TP31[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象