摘要
依据国家网络安全等级保护与风险评估系列标准以及电力信息系统特点,提出国家电网边缘计算应用安全的风险评估模型,然后采用漏洞扫描工具AWVS、AppScan分别对集成最新安全漏洞的开源Web应用靶机软件BWAPP进行安全漏洞评测与风险评估实验,再运用模糊层次分析法对Web应用安全进行综合安全评价。针对应用程序的安全检测实验结果整理安全评估数据,实现对国家电网边缘计算应用安全风险评估的实例化验证。
According to a series of the national cyber security level protection and risk assessment standards and the characteristics of electric power information systems,a risk assessment model for application security of state grid edge computing is proposed.Then,the vulnerability scanning tools AWVS and AppScan are used to target security vulnerability evaluation and risk assessment experiments on the open source web application target software BWAPP that integrates the latest security vulnerabilities.Finally,the fuzzy analytic hierarchy method is used to comprehensively evaluate the security of Web application security.Based on the test results of the application security,the security assessment data are compiled to realize the verification of the application security risk assessment of the state grid edge computing.
作者
郭昊
何小芸
孙学洁
陈红松
刘周斌
颉靖
GUO Hao;HE Xiao-yun;SUN Xue-jie;CHEN Hong-song;LIU Zhou-bin;XIE Jing(Global Energy Interconnection Research Institute Co.,Ltd.,Beijing 102209;State Grid Key Laboratory of Information&Network Security,Beijing 102209;School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083;State Grid Zhejiang Province Electric Power Research Institute,Hangzhou 310014;Defense Electronics Institute,China Industrial Control System Cyber Emergency Response Team,Beijing 100040,China)
出处
《计算机工程与科学》
CSCD
北大核心
2020年第9期1563-1571,共9页
Computer Engineering & Science
基金
国家社会科学基金(18BGJ071)。
关键词
边缘计算
应用安全
风险评估
edge computing
application security
risk assessment
