期刊文献+

CVSS环境指标变量对系统安全的影响研究 被引量:4

Influence of CVSS environmental metrics on system security
下载PDF
导出
摘要 通用漏洞评分体系(CVSS)分三个层次对漏洞的威胁进行评估,特定系统的安全性反映在最终的环境分层面上。在CVSS的三组指标变量中,仅环境指标变量取决于特定组织机构、特定系统,难以自动获取,是用户实施安全风险管理和控制策略中关键的和最困难的环节。在分析CVSS计算方法基础上,研究环境指标变量对最终CVSS总分的影响,给出了环境指标向量对CVSS环境分影响的总体估计式,同时给出了环境向量各分量单独影响的估计式。实验表明,本文在CVSS环境指标变量的总体影响和分项指标影响两方面,实现了精度提升,进入了实际标准完全可接受的范围。 The common vulnerability scoring system (CVSS) evaluates the threats of vulnerabilities of a particular system at three levels, and the final environmental scores reflect the degree of its security. In the CVSS metrics, CVSS environmental metrics are the only variable that depends on the conditions of the target organization or system, so obtaining their values becomes the key and most difficult part for users to implement security risk management and control strategies. To solve this issue, we study the influence of environmental metrics on the final CVSS environmental scores, and give an overall estimation of environmental metrics vector influence on CVSS environmental scores, as well as the formulas of each vector component's influence on the score. Experimental results show that the new estimation method can improve the accuracy in the aspects of environmental metrics' overall impact and sub-index influence on CVSS environmental scores, thus entering the completely accepted range of the de-facto standard.
作者 周诗洋 傅鹂
出处 《计算机工程与科学》 CSCD 北大核心 2016年第12期2463-2470,共8页 Computer Engineering & Science
基金 国家自然科学基金(61472054)
关键词 漏洞 通用漏洞评分体系(CVSS) 环境指标 评分 安全 vulnerability common vulnerability scoring system (CVSS) environmental metric scoring security
  • 相关文献

参考文献1

二级参考文献13

  • 1Sanders A,Sun T,Pan Y. Correlating risk findings to quantify risk[A].{H}Amsterdam:Netherlands,2012.752-759.
  • 2Jiang J,Ding L,Zhai E. VRank:A context-aware approach to vulnerability scoring and ranking in SOA[A].Uaithersburg,USA,2012.61-70.
  • 3Wang C,Bao Y,Liang X. Vulnerability Evaluating Based on Attack Graph[A].Springer Berlin Heidelberg,2013.555-563.
  • 4Giakouminakis A,Malm E,Loder C. Methods and systems for improved risk scoring of vulnerabilities[P].U.S.Patent:20130074188,2013.
  • 5Scarfone K,Mell P. An analysis of CVSS version 2 vulnerability scoring[A].Lake Buena Vista,USA,2009.516-525.
  • 6Gallon L. On the impact of environmental metrics on CVSS scores[A].Minneapdis,USA,2010.987-992.
  • 7Ali A,Zavarsky P,Lindskog D. A software application to analyze the effects of temporal and environmental metrics on overall CVSS v2 score[A].{H}London,UK,2011.109-113.
  • 8Mell P,Scarfone K,Romanosky S. A complete guide to the common vulnerability scoring system version 2.0[A].2007.1-23.
  • 9Fruhwirth C,Mannisto T. Improving CVSS-based vulnerability prioritization and response with context information[A].Lake Buena Vista,USA,2009.535-544.
  • 10Mell P,Scarfone K,Romanosky S. Common vulnerability scoring system[J].Security & Privacy,2006,(06):85-89.

共引文献4

同被引文献17

引证文献4

二级引证文献12

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部