摘要
针对边缘计算面临的安全威胁,提出一种基于攻击区域的威胁模型。在威胁发现阶段,根据边缘计算架构确立了安全边界内主要的攻击区域,在每个区域内建立了攻击树进行威胁分解,用叶节点表示具体的攻击方法。在威胁量化阶段,为了减小评估过程存在主观因素的影响,采用了模糊层次分析法(FAHP)计算叶节点的攻击概率。在威胁消减阶段,分析了每棵攻击树的攻击路径,确定了各区域的攻击概率并制定了威胁应对措施。结果表明,该模型能够识别边缘计算场景下的主要安全威胁,通过威胁消减措施有助于提升边缘计算产品和应用的安全性。
Concerning the security threat faced by edge computing,a threat model based on attack zone is proposed.In the threat discovery stage,the main attack zones within the security boundary are established according to the edge computing architecture,and the attack tree is established for each region to analyse the threat,and the specific attack methods are represented by leaf nodes.In the stage of threat quantification,in order to reduce the influence of subjective factors in the evaluation process,fuzzy analytic hierarchy process(FAHP)is used to calculate the attack probability of each leaf node.In the stage of threat mitigation,the attack path of each tree is analyzed,the attack probability of each region is determined,and the threat response measures are formulated.The results show that the model can identify the main security threats in the scene of edge computing,and the threat mitigation measures can help to improve the security of edge computing products and applications.
作者
苏振宇
徐峥
刘雁鸣
麻付强
赵媛
曹柱
SU Zhenyu;XU Zheng;LIU Yanming;MA Fuqiang;ZHAO Yuan;CAO Zhu(Security Technology Department,Inspur Electronic Information Industry Company Limited,Jinan 250101,China)
出处
《齐鲁工业大学学报》
CAS
2023年第1期36-42,共7页
Journal of Qilu University of Technology
关键词
边缘计算
威胁模型
攻击区域
攻击树
模糊层次分析法
edge computing
threat model
attack zone
attack tree
fuzzy analytic hierarchy process
