CN103268450A - Mobile intelligent terminal system safety evaluation system model and method based on test - Google Patents
- Publication number: CN103268450A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The invention discloses a test-based security assessment system model and assessment method for mobile intelligent terminal systems. The model comprises a security assessment layer and a security test layer. The security assessment layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security standard layer. The assessment method comprises the following steps: testing at the security test layer; assessing at the security assessment layer according to the test results; calculating the relative weights of the parameters; checking the consistency of the judgment matrices; calculating the score vector of the security assessment result of each layer; and deriving an assessment result table from the assessment results of all layers. The invention takes the characteristics of the mobile intelligent terminal itself into account and combines the AHP algorithm with security testing, achieving a multi-level assessment of the mobile intelligent terminal system that combines objective testing with subjective assessment and qualitative judgment with quantitative calculation, so the assessment result is persuasive.
Description
Technical field
The present invention relates to the field of mobile information security assessment, and in particular to a test-based security assessment system model and assessment method for mobile intelligent terminal systems.
Background technology
With the rapid development of mobile communication technology and the mobile Internet, mobile intelligent terminals are widely used in personal daily life and in the information systems of government bodies, enterprises, banks and the military. Unlike traditional mobile phones, mobile intelligent terminals store more personal private data, account information, working documents, trade secrets and other valuable information. This private information often bears on the property and reputation of the terminal user or organization. At present, the main attacks on terminals still exploit the vulnerability of the security mechanisms of the intelligent terminal operating system, together with the large numbers of malware, viruses and remote control programs built on its flaws, which pose a huge threat to terminal security. Security assessment of the mobile intelligent terminal operating system is therefore the basis for guaranteeing terminal security.
At present there is no unified standard for assessing mobile intelligent terminal security. The Chinese standards "information of mobile terminal safety specifications" and "information of mobile terminal safety detecting method" are aimed mainly at relatively simple conventional mobile phone operating systems. The United States standard "Guidelines on Cell Phone and PDA Security" is currently a relatively mature security standard for mobile intelligent terminals.
A scientific security assessment must be built on security testing that is based on security standards. Because the software and hardware resources of a mobile intelligent terminal operating system are relatively scarce, traditional computer system security test and evaluation approaches are not suitable. Current security assessment of mobile intelligent terminals is therefore still based mainly on calculation and analysis of subjective evaluations; it lacks objective security testing based on security standards and a reasonable fusion of such testing with quantitative calculation and analysis, so its results are often unpersuasive.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and to provide a test-based security assessment system model and assessment method for mobile intelligent terminal systems that takes the characteristics of the mobile intelligent terminal itself into account and combines the AHP algorithm with security testing, achieving a multi-level assessment of the mobile intelligent terminal system that combines objective testing with subjective assessment and qualitative judgment with quantitative calculation, and whose assessment results are persuasive.
The object of the invention is achieved through the following technical solution: a test-based security assessment system model for mobile intelligent terminal systems, comprising a security assessment layer, which provides terminal manufacturers, users or user organizations with an assessment of security risks, attack threats and system vulnerability, and a security test layer, which tests the operating system under test against the requirements of the security standards and assesses the degree to which it meets them. The security assessment layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security standard layer.
The security function layer is divided into multiple layers.
The indices of adjacent levels of the assessment layer are in a many-to-many mapping relationship.
The test layer and the indices of the levels adjacent to it above and below are in a one-to-many mapping relationship.
The assessment method based on the test-based security assessment system model for mobile intelligent terminal systems comprises the following steps:
S1: test at the test layer: execute each test case in turn using the post-order traversal algorithm of a multiway tree, output the execution result of each test case, and obtain the test result vector $\beta$;
S2: assess at the assessment layer according to the test results: for each index in the assessment layer, compare its sub-indices pairwise for relative importance to obtain the ratio of their relative weights, then assign values to the degrees of importance according to the ratio scale method and construct the judgment matrix $A_i$;
S3: calculate the relative weights of the parameters:
First, normalize each column vector of matrix $A_i$:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
S4: check the consistency of the matrix: calculate the consistency ratio CR for each judgment matrix. When CR = 0 the judgment matrix is completely consistent, and the larger CR is, the worse the consistency. If CR < 0.1 the judgment matrix is basically consistent and the calculation result has high credibility; otherwise the judgment matrix must be revised until it is satisfactory;
S5: calculate the score vector of the security assessment result of each layer: from the vectors obtained in step S203, derive the weight matrices $\omega_1$, $\omega_2$ and $\omega_3$ of each layer of the assessment layer. $\sigma_3 = \omega_3 \beta^T$ gives the vulnerability degree of each index of the vulnerability layer, $\sigma_2 = \omega_2 \sigma_3^T$ gives the threat degree of each index of the threat layer, and $\sigma_1 = \omega_1 \sigma_2^T$ gives the risk of each index of the risk layer. Finally, judge each assessment index qualitatively, rank the indices of each layer, record the assessment results and give the assessment conclusion;
S6: derive the assessment result table from the assessment results of each layer: use the vulnerability indices and test layer indices to find the weak links of the system and improve the security implementation of the terminal system; use the threat indices and risk indices to understand the threats and security risks the terminal system may face now and in the future and their degree of impact, and formulate corresponding security policies to avert the risks.
The beneficial effects of the invention are as follows:
The invention provides a multi-level, security-standard-based security assessment system model for mobile intelligent terminal operating systems. It draws on the main security threats and risks facing intelligent terminal operating systems and the relevant risk assessment standards, on current computer and mobile terminal operating system security standards and graded security evaluation methods, and on the characteristics of the mobile intelligent terminal itself. By combining the AHP algorithm (analytic hierarchy process) with security testing, it achieves a multi-level assessment of the mobile intelligent terminal system that combines objective testing with subjective assessment and qualitative judgment with quantitative calculation, and the assessment results are persuasive.
Description of drawings
Fig. 1 is a schematic diagram of the layered security evaluation system and its layers;
Fig. 2 is the layered system security assessment model.
Embodiment
The technical solution of the present invention is described in further detail below with reference to the drawings. As shown in Fig. 1, the test-based security assessment system model for mobile intelligent terminal systems comprises a security assessment layer, which provides terminal manufacturers, users or user organizations with an assessment of security risks, attack threats and system vulnerability, and a security test layer, which tests the operating system under test against the requirements of the security standards and assesses the degree to which it meets them. The security assessment layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security standard layer. As shown in Fig. 2, the indices of adjacent levels of the assessment layer are in a many-to-many mapping relationship, and the test layer and the indices of the levels adjacent to it above and below are in a one-to-many mapping relationship. The security function layer is divided into multiple layers; the assessment indices of each layer target different security categories, providing different users with the security assurance each requires. The assessment indices of each layer are defined as follows:
Risk layer: the possible loss and impact on the intelligent terminal user or organization when resources in the mobile intelligent terminal system are lost or destroyed as a result of deliberate attacks and threats;
Threat layer: comprises the threat behaviours used to attack the mobile intelligent terminal; a threat behaviour is the means by which an attacker achieves a specific purpose. At present the main attack threats against mobile terminals rest on the vulnerability of system security mechanisms, and a threat behaviour has different attack capability in different environments, so it needs to be assessed;
Vulnerability layer: vulnerability is one of the objects of assessment. It is the weaknesses and defects in the security mechanisms of the mobile terminal, the asset carrier, that a threat behaviour may exploit to cause loss to assets;
Security function layer: assesses the degree to which the specific security functions that a mobile intelligent terminal operating system must have meet the requirements of the security standards. Missing or incomplete security functions, or flaws in the design and implementation of security functions, cause vulnerability in the mobile terminal system; the assessment of the security function layer relies on the objective test results of the layer below;
Security test layer: the most critical level in the system. The security requirements in the security standards are mapped reasonably to implementable test methods and encapsulated as different test cases; a scheduling algorithm executes each test case, and the test results are returned to the upper layer;
Security standard layer: provides the basis for mapping the specific requirements in the standards to the test indices in the security function layer and the test cases in the test layer.
In the assessment method based on the test-based security assessment system model for mobile intelligent terminal systems, test cases are first executed by post-order traversal of the tree, and the test results are derived from the execution of the test cases. The test results are quantized and returned to the assessment layer; the indices of the upper five layers are each quantized to 1~9 by the mapping in Table 1. Based on the test results returned by the test layer and on actual conditions, the assessment layer performs calculation and analysis using a single assessment algorithm or several. This scheme uses the analytic hierarchy process (AHP algorithm) for assessment, and comprises the following steps:
Table 1: 1~9 quantization index
S1: test at the test layer: at the test layer, execute each test case in turn using the post-order traversal algorithm of a multiway tree, output the execution result of each test case, and obtain the test result vector $\beta$;
S2: assess at the assessment layer according to the test results: for each index in the assessment layer, compare its sub-indices pairwise for relative importance to obtain the ratio of their relative weights, assign values to the degrees of importance according to the 1~9 ratio scale method in Table 2, and construct the judgment matrix $A_i$;
Table 2: 1~9 scale degrees for the judgment matrix
S3: calculate the relative weights of the parameters:
First, normalize each column vector of matrix $A_i$:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
S4: check the consistency of the matrix: to ensure that the judgment matrix is reasonably accurate, a consistency check must be carried out on the matrix. The consistency index is calculated as follows:
First obtain the largest eigenvalue of the matrix:
Then calculate the consistency index:
Finally calculate the consistency ratio:
If CR < 0.1, the consistency of the judgment matrix is considered acceptable.
Table 3: mean random consistency index RI
When CR = 0 the judgment matrix is completely consistent, and the larger CR is, the worse the consistency. It is generally held that when CR < 0.1 the judgment matrix is basically consistent and the calculation result has high credibility; otherwise the judgment matrix must be revised until it is satisfactory;
S5: calculate the score vector of the security assessment result of each layer: from the vectors obtained in step S203, derive the weight matrices of each layer of the assessment layer. $\sigma_3 = \omega_3 \beta^T$ gives the vulnerability degree of each index of the vulnerability layer, $\sigma_2 = \omega_2 \sigma_3^T$ gives the threat degree of each index of the threat layer, and $\sigma_1 = \omega_1 \sigma_2^T$ gives the risk of each index of the risk layer. Finally, judge each assessment index qualitatively against Table 1, record the assessment results and give the assessment conclusion;
S6: derive the assessment result table from the assessment results of each layer: use the vulnerability indices and test layer indices to find the weak links of the system and improve the security implementation of the terminal system. Use the threat indices and risk indices to understand the threats and security risks the terminal system may face now and in the future and their degree of impact, and formulate targeted security policies to avert the risks.
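The calculation in steps S1 to S5, as an added Python example that is not part of the patent text. The formulas and Tables 1 to 3 did not survive on this page, so the code assumes the standard AHP column-normalization method, the λmax estimate mean((Aw)_i / w_i), Saaty's published RI values, and that a higher 1~9 score means a larger shortfall; the test tree, index names, judgment matrices and scores are constructed.

```python
# Added illustration of steps S1-S5; tree, index names, matrices and scores are constructed.
# RI holds Saaty's standard random-index values (assumed; the page's Table 3 is missing).
RI = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


class Node:
    """Node of the multiway test tree; `case` is an optional test-case callable."""

    def __init__(self, name, children=(), case=None):
        self.name, self.children, self.case = name, list(children), case


def run_postorder(node, beta=None):
    """S1: run test cases in post-order (children before parent) and collect beta."""
    beta = [] if beta is None else beta
    for child in node.children:
        run_postorder(child, beta)
    if node.case is not None:
        score = node.case()
        if not 1 <= score <= 9:
            raise ValueError(f"{node.name}: score {score} is outside the 1~9 scale")
        beta.append(score)
    return beta


def ahp_weights(A):
    """S3: normalise each column, sum each row, normalise the row sums."""
    n = len(A)
    col = [sum(A[i][j] for i in range(n)) for j in range(n)]
    rows = [sum(A[i][j] / col[j] for j in range(n)) for i in range(n)]
    total = sum(rows)
    return [r / total for r in rows]


def consistency_ratio(A, w):
    """S4: CR = CI / RI, with lambda_max estimated as mean((A w)_i / w_i)."""
    n = len(A)
    if n <= 2:  # 1x1 and 2x2 reciprocal matrices are always consistent
        return 0.0
    lam = sum(sum(A[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    return ((lam - n) / (n - 1)) / RI[n]


def weight_matrix(layer, width):
    """Build a layer's weight matrix: one row per index, one column per child index."""
    omega = []
    for name, children, A in layer:
        w = ahp_weights(A)
        cr = consistency_ratio(A, w)
        if cr >= 0.1:  # reject instead of silently scoring with an inconsistent matrix
            raise ValueError(f"{name}: CR={cr:.3f}, revise the judgment matrix")
        row = [0.0] * width
        for col, weight in zip(children, w):
            row[col] = weight
        omega.append(row)
    return omega


def propagate(omega, scores):
    """S5: sigma = omega * scores^T."""
    return [sum(w * s for w, s in zip(row, scores)) for row in omega]


# Constructed test tree; each case returns a 1~9 score (assumed: higher = larger shortfall).
TREE = Node("security functions", [
    Node("access control", [
        Node("password policy", case=lambda: 2),
        Node("app permission isolation", case=lambda: 7),
    ]),
    Node("data protection", [Node("storage encryption", case=lambda: 4)]),
])
# Each entry: (index name, child positions in the layer below, pairwise judgment matrix).
VULNERABILITY = [
    ("authentication weakness", (0, 1), [[1, 3], [1 / 3, 1]]),
    ("data exposure", (2, 1, 0), [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]]),
]
THREAT = [
    ("malicious app abuse", (0, 1), [[1, 1 / 2], [2, 1]]),
    ("unauthorised access", (0,), [[1]]),
]
RISK = [("privacy loss", (0, 1), [[1, 2], [1 / 2, 1]])]


def assess(tree=TREE):
    """Run S1-S5 and return (beta, sigma3, sigma2, sigma1)."""
    beta = run_postorder(tree)
    sigma3 = propagate(weight_matrix(VULNERABILITY, len(beta)), beta)
    sigma2 = propagate(weight_matrix(THREAT, len(sigma3)), sigma3)
    sigma1 = propagate(weight_matrix(RISK, len(sigma2)), sigma2)
    return beta, sigma3, sigma2, sigma1


if __name__ == "__main__":
    print(assess())
```

Because the mapping between adjacent assessment layers is many-to-many, one test result (here "app permission isolation") feeds more than one vulnerability index, which is why each layer's weights form a matrix with zero entries rather than a single vector.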
Claims (5)
1. A test-based security assessment system model for mobile intelligent terminal systems, characterized in that: it comprises a security assessment layer, which provides terminal manufacturers, users or user organizations with an assessment of security risks, attack threats and system vulnerability, and a security test layer, which tests the operating system under test against the requirements of the security standards and assesses the degree to which it meets them; the security assessment layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security standard layer.
2. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that: the security function layer is divided into multiple layers.
3. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that: the indices of adjacent levels of the assessment layer are in a many-to-many mapping relationship.
4. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that: the test layer and the indices of the levels adjacent to it above and below are in a one-to-many mapping relationship.
5. An assessment method based on the test-based security assessment system model for mobile intelligent terminal systems, characterized in that it comprises the following steps:
S1: test at the test layer: execute each test case in turn using the post-order traversal algorithm of a multiway tree, output the execution result of each test case, and obtain the test result vector $\beta$;
S2: assess at the assessment layer according to the test results: for each index in the assessment layer, compare its sub-indices pairwise for relative importance to obtain the ratio of their relative weights, then assign values to the degrees of importance according to the ratio scale method and construct the judgment matrix $A_i$;
S3: calculate the relative weights of the parameters:
First, normalize each column vector of matrix $A_i$:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
S4: check the consistency of the matrix: calculate the consistency ratio CR for each judgment matrix; when CR = 0 the judgment matrix is completely consistent, and the larger CR is, the worse the consistency; if CR < 0.1 the judgment matrix is basically consistent and the calculation result has high credibility; otherwise the judgment matrix must be revised until it is satisfactory;
S5: calculate the score vector of the security assessment result of each layer: from the vectors obtained in step S203, derive the weight matrices $\omega_1$, $\omega_2$ and $\omega_3$ of each layer of the assessment layer; $\sigma_3 = \omega_3 \beta^T$ gives the vulnerability degree of each index of the vulnerability layer, $\sigma_2 = \omega_2 \sigma_3^T$ gives the threat degree of each index of the threat layer, and $\sigma_1 = \omega_1 \sigma_2^T$ gives the risk of each index of the risk layer; finally, judge each assessment index qualitatively, rank the indices of each layer, record the assessment results and give the assessment conclusion;
S6: derive the assessment result table from the assessment results of each layer: use the vulnerability indices and test layer indices to find the weak links of the system and improve the security implementation of the terminal system; use the threat indices and risk indices to understand the threats and security risks the terminal system may face now and in the future and their degree of impact, and formulate corresponding security policies to avert the risks.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310222440.7A CN103268450B (en) | 2013-06-06 | 2013-06-06 | Mobile intelligent terminal system security assessment system model and appraisal procedure based on test |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103268450A true CN103268450A (en) | 2013-08-28 |
CN103268450B CN103268450B (en) | 2016-06-29 |
Family
ID=49012078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310222440.7A Expired - Fee Related CN103268450B (en) | 2013-06-06 | 2013-06-06 | Mobile intelligent terminal system security assessment system model and appraisal procedure based on test |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103268450B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN103268450B (en) | 2016-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 20160629 Termination date: 20180606 |