
Research of Evaluating Model on the Criticality of Software Vulnerability (cited by: 7)
Abstract: The criticality of a software vulnerability is a measure of the potential danger that the vulnerability will be exploited to attack a system. Based on an analysis of the currently known evaluation methods and their limitations, an analysis framework is proposed that evaluates the criticality of a vulnerability according to the severity of its impact and its exploitability. Based on fuzzy theory, a quantitative model for evaluating the criticality of software vulnerabilities is proposed, and a hierarchical structure of the relationships and memberships among the fuzzy evaluation factors is established. The paper focuses on fuzzy-set-based quantification of the indices, determination of the index weights from a fuzzy relational matrix, and the comprehensive evaluation method for software vulnerability criticality. Finally, the application and implementation of the model are given.
Source: Computer Science (《计算机科学》), CSCD, PKU Core; 2011, No. 6, pp. 169-172, 216 (5 pages)
Funding: Supported by the National 863 Program (2006AA01Z447)
Keywords: software vulnerability; impact; criticality; evaluation; fuzzy theory