
Information System Security Risk Assessment Based on Extended Attack Trees (cited by: 22)

Information system security risk evaluation based on attack tree
Abstract: Building on the attack tree model, this paper extends the model and proposes a new quantitative risk evaluation method. Multi-attribute utility theory is used to quantify the risk value of the leaf nodes (atomic attacks), which makes the evaluation more objective. A concrete algorithm is given for each step of the method, laying the foundation for an automated evaluation tool.
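Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2007, No. 11, pp. 153-156, 160 (5 pages)
Funding: National Natural Science Foundation of China (60403027)
Keywords: attack tree; attack chain; security risk assessment (English keywords as listed: attack trees; security assessment; risk evaluation)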