Security analysis and evaluation of representational state transfer based on attack graph (cited by: 1)
Abstract: The security mechanisms of the REpresentational State Transfer (REST) architecture are incomplete. To address this problem, a security analysis and evaluation of the REST architecture based on attack graphs is proposed, and attack graphs are used to evaluate the security of the REST architecture quantitatively. First, the attacks that the REST architecture may face were predicted, a REST architecture attack graph model was constructed accordingly, and the attack probability parameter and attack realization parameter were calculated. Then, security protection measures were proposed for the attack states and attack behaviors in the attack graph; the REST architecture attack graph model was reconstructed with these measures in place, and the attack probability parameter and attack realization parameter were recalculated. By comparison, after the security protection measures were adopted, the attack probability parameter was reduced to about 1/10 of its original value and the attack realization parameter was reduced to about 1/86 of its original value. The comparison results show that the constructed attack graph model can effectively and quantitatively evaluate the security performance of the REST architecture.
Authors: ZHANG Youjie (张游杰) 1, ZHANG Qingping (张清萍) 1, WU Wei (吴伟) 1, SHI Zhe (师哲) 2 (1. CETC North-China Cyber Security Company Limited, No.33 Research Institute of China Electronics Technology Group Corporation, Taiyuan Shanxi 030032, China; 2. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China)
Source: Journal of Computer Applications (《计算机应用》), indexed in CSCD and the Peking University Core Journals list, 2018, No. 6, pp. 1653-1657 (5 pages)
Keywords: REpresentational State Transfer (REST); attack graph; security evaluation; attack probability; attack realization