Threat Modeling-Oriented Attack Path Evaluating Algorithm

Abstract: In order to evaluate all attack paths in a threat tree, based on threat modeling theory, a weight distribution algorithm of the root node in a threat tree is designed, which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage. Besides, an algorithm of searching attack path was also obtained in accordance with its definition. Finally, an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree, the weight distribution information, and the attack paths. An example threat tree is given to verify the effectiveness of the algorithms.
Source: Transactions of Tianjin University (Journal of Tianjin University, English Edition), EI, CAS, 2009, Issue 3, pp. 162-167 (6 pages)
Funding: Supported by National Natural Science Foundation of China (No. 90718023) and National High-Tech Research and Development Program of China (No. 2007AA01Z130)
Keywords: attack path; distribution algorithm; threat tree; modeling theory; evaluation system; orientation; distribution information; weight; attack tree; threat modeling; threat coefficient; attack path evaluation