摘要
文章提出了一种针对国产通用基础软件的等级保护测评原型。该原型在深入对比分析国内外主要等级保护相关标准的基础上,充分考虑了国产通用基础软件自身的特点。原型的内容既涵盖了软件代码、体系结构风险等常规软件安全测试项目,还包括了身份鉴别、访问控制、完整性等等级保护中的要求。本文提出的测评原型既可以为建立国产通用基础软件的安全测试标准体系提供参考,也可以用来指导国产通用基础软件的安全性测试工作。
In this paper, a classified protection test prototype for domestic general basic software is proposed. Based on comparing and analyzing the main classified protection standards at home and abroad, the characters of domestic general basic software is considered fully in the process of building the prototype. More precisely, the content of the prototype includes not only the normal software security test terms such as software code, the risk of architecture, but also the classified protection test terms such as identification, access control and integrity. Therefore, the proposed prototype is able to provide a survey for constructing the security test standard system of domestic general basic software. Moreover, it also can guide the security test of domestic general basic software in the future.
基金
适用于重要信息系统的产品安全性检验平台项目(编号:C13383)支持
关键词
等级保护
通用基础软件
软件安全测试
classified protection
general basic software
software security test
