期刊文献+

基于损失量的G-O漏洞预测模型及其改进 被引量:1

G-O vulnerability forecasting model and its improvement based on loss
下载PDF
导出
摘要 分析了度量漏洞的各个指标,提出了强安全性的数学定义,并使用损失量度量和预测漏洞,解决了软件可信性统一量纲问题。同时,讨论了损失量出现规律和漏洞数量发现规律之间的相似性,确定使用预测软件缺陷的模型来预测损失量。通过借鉴经典的G-O模型,建立了软件损失量的预测模型,即提出了基于损失量的G-O漏洞预测模型,并通过使用实际漏洞库中的数据检验了模型的准确性和实用性。 Each index to measure the vulnerability was analyzed. A mathematical definition of strong security was proposed, and the loss measurement and forecasting of vulnerability were used to solve the problem of software dependability uniform dimension. At the same time, loss occurrence law and the number of vulnerabilities found similarities between the law were discussed, to determine whether the use of software defect prediction model to predict the amount of loss. By referring to the classical G-O model, the predictive model of software loss was established, namely model was developed to predict the loss of G-O based vulnerabilities, and the accuracy of the model and the practicability of the test by using the actual data in the vulnerability database.
出处 《电信科学》 北大核心 2015年第S1期99-105,共7页 Telecommunications Science
关键词 安全漏洞 损失量度量 G-O模型 预测模型 security vulnerability loss measurement G-O model prediction model
  • 相关文献

参考文献13

  • 1Steffen Becker,Wilhelm Hasselbring,Alexandra Paul,Marko Boskovic,Heiko Koziolek,Jan Ploski,Abhishek Dhama,Henrik Lipskoch,Matthias Rohr,Daniel Winteler,Simon Giesecke,Roland Meyer,Mani Swaminathan,Jens Happe,Margarete Muhle,Timo Warns.??Trustworthy software systems(J)ACM SIGSOFT Software Engineering Notes . 2006 (6)
  • 2PFLEEGER C P.Security in computing. . 1997
  • 3SHIN Y,WILLIAMS L.Is complexity really the enemy o software security. The 4th ACM Workshop on Quality o Protection . 2008
  • 4MUSA J D,OKUMOTO K.A logarithmic Poisson execution time model for software reliability measurement. The 7th Int’’l Conference on Software Engineering . 1984
  • 5ANDERSON R.Security in open Ve TSUS closed systems-th dance of boltzmann,coase and moore. The Conference on Open Source Software Economics . 2002
  • 6MUSA J D,IANNINO A,OKUMOTO K.Software reliabilit engineering. . 1999
  • 7VOAS J.Why is it so hard to predict software system trustworthiness from software component trustworthiness. The20th IEEE Symposium on Reliable Distributed Systems . 2001
  • 8Schultz Jr EE,Brown DS,Longstaff TA.Responding to Computer Security Incidents(OL)ftp://ftp.cert.dfn.de/pub/docs/csir/ihg.ps.gz . 1990
  • 9Musa J D.A theory of software reliability and its application. IEEE Transactions on Software Engineering . 1975
  • 10Rescorla,E.Is finding security holes a good idea?. Security & Privacy, IEEE . 2005

二级参考文献42

  • 1林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. 被引量:253
  • 2闵应骅.容错计算二十五年[J].计算机学报,1995,18(12):930-943. 被引量:16
  • 3TAO Hong-wei, CHEN Yi-xiang. A metric model for trustworthiness of softwares [ C]//Proc of the IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology. Washington DC:IEEE Computer Society, 2009: 69-72.
  • 4TAO Hong-wei, CHEN Yi-xiang. A new metric model for trustworthiness of softwares[ C ]//Proc of the International Conference on Information Science and Applications. 2010:1-8.
  • 5AMOROSO E, TAYLOR C, WATSON J, et al. A process-oriented methodology for assessing and improving software trustworthiness [ C]//Proc of the ACM Conference on Computer and Communications Security. New York : ACM Press, 1994 : 39- 50.
  • 6WE Jin, LIAO Yong-jian, NIE Xu-yun,et al. The trust management model of trusted software [ C ]//Proc of International Forum on Information Technology and Applications. Washington DC : IEEE Computer Society,2009 : 534-537.
  • 7Anderson J P.Computer Security Technology Planning Study.ESD-TR-73-51,Vol.I,AD-758 206,ESD/AFSC,Hanscom AFB,Bedford MA,October 1972
  • 8ISO/IEC,Information technology-security Techniques-Evaluation Criteria for IT Security.Part 1:Introduction and General Model.2nd ed.2005.(Available at URL:http://standards.iso.org/ittf/PubliclyAvailableStandards/c040612_ISO_IEC_15408-1_2005(E).zip,accessed on April 14,2006)
  • 9Trusted Computing Group,TCG Architecture Overview,v1.2,28 April 2004.(Available at URL:https://www.trustedcomputinggroup.org/specs/IWG/TCG 1 0 Architecture_Overview.pdf,accessed on April 14,2006)
  • 10Gates B.Trustworthy Computing.Wired News,Jan.17,2002.(Available at URL:http://www.wired.com/news/business/0,1367,49826,00.html,accessed on April 14,2006)

共引文献66

同被引文献7

引证文献1

二级引证文献9

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部