摘要
为了保证密码产品风险评估的客观性和准确性,提出了基于威胁分析的定量密码产品安全风险评估方法。针对现有基于安全威胁分析的风险评估方法中,安全威胁概率大都依靠专家经验确定的不足,引入贝叶斯理论,在安全威胁分析和安全防护措施分级的基础上,根据安全威胁和安全防护措施因果关系构建贝叶斯评估网络,计算安全威胁生效概率和产品安全风险值。应用该方法对HAIPE进行了风险评估,实验结果表明了该方法的有效性和合理性。
To ensure objectivity and accuracy of the cryptographic product risk assessment, a quantitative risk assessment method based on threat analysis is proposed. According to the shortcoming of threat probability dependence on expert experience in secu rity risk assessment method based on security threat analysis. On the basis of threat analysis and security measure classification, the method calculates the security threat available-probability and security risk value of cryptographic products by the Bayesian network, which is built on the causality between security threats and measures. Finally, the method is used to assess the security risk of HAIPE, test and verify the availability and rationality of the proposed method.
出处
《计算机工程与设计》
CSCD
北大核心
2012年第4期1290-1294,共5页
Computer Engineering and Design
关键词
密码产品
安全威胁
安全措施
贝叶斯网络
安全风险评估
cryptographic product
security threat
security measure
Bayesian network
security risk assessment
