摘要
攻击面度量可以用来测量软件系统的安全风险,是当前软件安全度量中的一个研究热点.以软件系统攻击面为研究对象,综合现有研究对其进行一般化定义,并在一般化定义的基础上总结了软件系统攻击面研究的几个主要工作.首先从现有攻击面模型研究中归纳出枚举模型、关联模型和图模型三种模型,对它们进行了详细的介绍和比较,然后阐述了识别和测量攻击面的相关研究,对减小、操纵和移动攻击面三种增强系统安全性的应用进行了介绍,并列举了评估攻击面度量的一些观点和方法,最后对未来研究工作进行了展望.
Attack surface metric can be used to measure the security risk of software system, is a hot research topic in current software security metrics. In this paper,the software system attack surface is studied, and its general definition is given. Based on the general definition, we summarize the main work of the research on the software system attack surface. Firstly,from the existing attack surface models,three kinds of model are summed up,introduced and compared in detail,including enumeration model,relational model and graph model. Then,we describe related research of the identification and measurement of the attack surface,introduce the reducing, manipulating and moving attack surface three ways to enhance the system security, and enumerate some viewpoints and methods of e- valuation of attack surface metric. Finally,the future research work is prospected.
作者
黄康宇
杨林
徐伟光
张涛
李华波
HUANG Kang-yu;YANG Lin;XU Wei-guang;ZHANG Tao;LI Hua-bo(Army Engineering University,Nanjing 210007,China;Academy of Military Sciences,Beijing 100091,China)
出处
《小型微型计算机系统》
CSCD
北大核心
2018年第8期1765-1773,共9页
Journal of Chinese Computer Systems
基金
2017国家重点研发计划项目(2017YFB0802900)资助
关键词
软件系统
安全度量
攻击面
攻击面识别
攻击面测量
software system
security metric
attack surface
attack surface identification
attack surface measuring
