Abstract
Based on risk assessment theory, this paper proposes a security risk assessment method, built on the fuzzy analytic hierarchy process, for the State Grid Corporation of China edge computing information system. Security assessment items are given for five aspects: the equipment layer, data layer, network layer, application layer and management layer. On this basis, for network security, the relative importance of the assessment items is compared using the analytic hierarchy process and then combined with a fuzzy comprehensive evaluation matrix to calculate an overall security evaluation value for network security. This value is used to assess network security risk, and the assessment results are compared across different scenarios. Finally, the Microsoft threat modeling tool is used to build a threat model of the State Grid Corporation of China edge computing information system, which is used to analyze the risks and apply security hardening.
Authors
詹雄
郭昊
何小芸
刘周斌
孙学洁
陈红松
ZHAN Xiong; GUO Hao; HE Xiao-yun; LIU Zhou-bin; SUN Xue-jie; CHEN Hong-song (Global Energy Interconnection Research Institute Co., Ltd., Beijing 102209, China; State Grid Key Laboratory of Information & Network Security, Beijing 102209, China; State Grid Zhejiang Electric Power Research Institute Co., Ltd., Hangzhou 310014, China; School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China)
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journals
2019, Issue S11, pp. 428-432 (5 pages)
Funding
Supported by the Science and Technology Project of State Grid Corporation of China (52110118001H, 52110418001B)
Keywords
Smart grid
Edge computing
Information security
Risk assessment