
Research on Risk Analysis and Countermeasures of Software Supply Chain in Critical Information Infrastructure
Abstract: System security protection is crucial to critical information infrastructure (CII), and software supply chain risk analysis is an indispensable part of it. In recent years the number of supply chain attack incidents has grown rapidly and the situation is serious. This paper first analyzes the potential problems of "external" software components, personnel, supporting tools and other elements, which are the main causes of software supply chain threats, and then summarizes the current state of domestic and foreign policies and technologies. Based on these findings, a software supply chain security assurance framework for power industry systems is proposed. It covers 15 groups of security methods across 4 aspects: external component governance, supplier management, hardening of development and operations facilities, and a usage mechanism for the software bill of materials (SBOM); all of these can be further extended. The framework is intended as a reference for software supply chain security protection of important information systems in the power industry.
Authors: 李祉岐 (Li Zhiqi), 郭晨萌 (Guo Chenmeng), 汤文玉 (Tang Wenyu), 杨思敏 (Yang Simin), 王雪岩 (Wang Xueyan); State Grid Siji Network Security Technology (Beijing) Co., Ltd., Beijing 102200
Source: Journal of Information Security Research (《信息安全研究》), indexed in CSCD and the Peking University Core Journals list, 2024, No. 9, pp. 833-839 (7 pages)
Keywords: critical information infrastructure (CII); system security; software supply chain; security assurance framework; power industry