
Computer Engineering ›› 2010, Vol. 36 ›› Issue (17): 63-65,68. doi: 10.3969/j.issn.1000-3428.2010.17.022

• Software Technology and Database •

Software Vulnerability Effect Analysis Model

LI Xin-ming1,2, LI Yi3, LIU Dong2

  (1. College of Computer, Nanjing University of Science & Technology, Nanjing 210094; 2. EIES Key Laboratory, Institution of Command & Technology of Equipment, Beijing 101416; 3. Department of Scientific Research, Institution of Command & Technology of Equipment, Beijing 101416)
  • Online: 2010-09-05 Published: 2010-09-02
  • About the authors: LI Xin-ming (born 1965), male, professor and doctoral supervisor, main research interests: network security and complex system simulation; LI Yi, professor; LIU Dong, lecturer
  • Funding:
    National ministry and commission fund project

Abstract: The essence of a software vulnerability is that exploiting it can affect the security of a system. Each software vulnerability affects system security differently, and with a different degree of severity. On this basis, and building on a study of the problems in existing taxonomies related to software vulnerability effects, the direct effect and the final effect of a vulnerability and the relationship between them are analyzed, the principles for determining the direct effect of a software vulnerability are pointed out, and an analysis model of vulnerability direct effect based on effect width and depth is designed. The direct effect modes at system level, user level and file level are analyzed, and the design and implementation of the model in an active defense system for a large-scale network of a mission-critical domain are given.

Key words: software vulnerability, security, taxonomy

CLC number: