Journal article

Research on a Security Evaluation System Based on the Attack Surface (cited by: 4)

Security Evaluation System based on Attack Surface
Abstract: With the development of information technology, the security problems faced by network systems have become increasingly severe. The static immutability of information systems enables attackers to launch attacks from multiple angles according to the attribute characteristics of the information system. Existing standards and specifications mainly focus on testing whether a system meets security and confidentiality requirements, and lack qualitative and quantitative measurement of the degree of information system security. The attack surface represents the set of methods by which an attacker can enter a system and cause damage; therefore, measuring system security from the attack surface can reflect both the potential for the system to be compromised and the cost an attacker must pay to carry out an attack. In view of this, a security threat assessment system based on the attack surface is proposed. The system explores a formal expression method and mathematical model for the attack surface, organizes an attack surface measurement index system for cyberspace systems, and then, based on the maximum entropy Markov model and the conditional random field model, studies a security threat assessment method based on the dynamic attack surface. The proposed attack-surface-based security threat assessment system can be used for quantitative evaluation of the security degree of network systems, and the evaluation results can serve both as a reference for optimizing network system design and as a data basis for evaluating the effectiveness of security defense systems.
Authors: 廉新科 闫卿 LIAN Xin-ke; YAN Qing (Unit 91977 of PLA, Beijing 100036, China)
Affiliation: Chinese People's Liberation Army
Source: 《通信技术》 Communications Technology, 2020, No. 10, pp. 2567-2572 (6 pages)
Keywords: attack surface; measurement model; security assessment; index system