CN109977678A - A kind of system vulnerability methods of risk assessment - Google Patents
- Publication number: CN109977678A (application number CN201711499840.7A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- software package
- software
- risk
- coefficient
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The present invention discloses a system vulnerability risk assessment method, comprising: preprocessing the software package dependency metadata of a software system and constructing a software dependency network, where the software package dependency metadata is the file that records the information of all software packages in the software system; obtaining vulnerability information and constructing the association between vulnerabilities and software packages from that information; and assessing the security risk that a vulnerability poses to the whole software system, which comprises calculating an importance coefficient for each node in the software package dependency subgraph, determining the threat coefficient of the vulnerability, calculating the vulnerability risk value of each node from that threat coefficient, and calculating a comprehensive vulnerability risk value from the importance coefficient and the vulnerability risk value of each node.
Description
Technical field
The present invention relates to a system vulnerability risk assessment method.
Background technique
As software systems grow ever more complex and larger in scale, modern software engineering methods such as component-based development have come into wide use. Software systems are seldom developed entirely from scratch; instead they reference or depend on large amounts of third-party software. This software exists in the form of software packages, components, function libraries, modules, Web services and the like, and through agreed interface specifications it interacts by function calls, data passing, component composition and similar means, so that together it makes up a large and complex software system. Modular software development favours the reuse of components, allows complex applications to be built quickly from existing components, and greatly improves development efficiency. Some components implement important basic functions, are freely available as open source, enjoy a high reputation and have a very wide user base, and are therefore more likely to be used in the development of other software systems.
Summary of the invention
The technical problem the invention mainly solves is to provide a system vulnerability risk assessment method, comprising:
preprocessing the software package dependency metadata of a software system and constructing a software dependency network, where the software package dependency metadata is the file that records the information of all software packages in the software system;
obtaining vulnerability information and constructing the association between vulnerabilities and software packages from that information;
assessing the security risk that a vulnerability poses to the whole software system, comprising: calculating an importance coefficient for each node in the software package dependency subgraph; determining the threat coefficient of the vulnerability; calculating the vulnerability risk value of each node from that threat coefficient; and calculating a comprehensive vulnerability risk value from the importance coefficient and the vulnerability risk value of each node.
Preferably, according to the software dependency network and the association between vulnerabilities and software packages, the software package that has the vulnerability and the other software packages that depend on it directly or indirectly are queried, and a software package dependency subgraph is constructed from them.
Preferably, the importance level of each node in the software package dependency subgraph is determined.
Preferably, determining the threat coefficient of the vulnerability comprises determining the security level corresponding to the vulnerability and determining the corresponding threat coefficient according to that security level.
Preferably, the software package information includes the package name, the packages it depends on, and its priority.
Preferably, the vulnerability information includes the vulnerability name, the affected software package, the security level and the vulnerability description.
The advantages and positive effects of the present invention are as follows. The system vulnerability risk assessment method provided by the invention preprocesses the software package dependency metadata of a software system, constructs a software dependency network, obtains vulnerability information and constructs the association between vulnerabilities and software packages from that information. According to the software dependency network and that association, it queries the software package that has the vulnerability and the other software packages that depend on it directly or indirectly, constructs a software package dependency subgraph, and assesses the security risk the vulnerability poses to the whole software system on the basis of the importance level of each node in that subgraph.
Specific embodiment
The specific embodiments of the present invention are further described below with reference to an embodiment. The following embodiment serves only to illustrate the technical solution of the invention more clearly and is not intended to limit its scope of protection.
A system vulnerability risk assessment method, comprising:
preprocessing the software package dependency metadata of a software system and constructing a software dependency network, where the software package dependency metadata is the file that records the information of all software packages in the software system;
obtaining vulnerability information and constructing the association between vulnerabilities and software packages from that information;
assessing the security risk that a vulnerability poses to the whole software system, comprising: calculating an importance coefficient for each node in the software package dependency subgraph; determining the threat coefficient of the vulnerability; calculating the vulnerability risk value of each node from that threat coefficient; and calculating a comprehensive vulnerability risk value from the importance coefficient and the vulnerability risk value of each node.
According to the software dependency network and the association between vulnerabilities and software packages, the software package that has the vulnerability and the other software packages that depend on it directly or indirectly are queried, and a software package dependency subgraph is constructed from them.
The importance level of each node in the software package dependency subgraph is determined.
Determining the threat coefficient of the vulnerability comprises determining the security level corresponding to the vulnerability and determining the corresponding threat coefficient according to that security level.
The software package information includes the package name, the packages it depends on, and its priority.
The vulnerability information includes the vulnerability name, the affected software package, the security level and the vulnerability description.
The advantages and positive effects of the present invention are as follows. The system vulnerability risk assessment method provided by the invention preprocesses the software package dependency metadata of a software system, constructs a software dependency network, obtains vulnerability information and constructs the association between vulnerabilities and software packages from that information. According to the software dependency network and that association, it queries the software package that has the vulnerability and the other software packages that depend on it directly or indirectly, constructs a software package dependency subgraph, and assesses the security risk the vulnerability poses to the whole software system on the basis of the importance level of each node in that subgraph.
One embodiment of the present invention has been described in detail above, but this content is only a preferred embodiment and should not be considered as limiting the scope of the invention. All changes and improvements made within the scope of the present patent application remain within the scope of protection of this patent.
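As an added worked example (not code from the patent), the method's steps in Python: the dependency network is built from constructed package metadata, the subgraph of a vulnerable package and its direct and indirect dependents is found, and a comprehensive risk value is summed from per-node importance and risk. The patent fixes no formulas, so the importance coefficient (share of the subgraph that depends on a node), the security-level to threat-coefficient table and the per-node risk value used here are assumptions.

```python
from collections import deque

# Constructed package dependency metadata (the patent's "software package
# information": name, dependencies, priority). Priority is recorded but the
# assumed importance formula below does not use it.
PACKAGES = {
    "openssl": ([], "required"),
    "libcurl": (["openssl"], "important"),
    "python3": (["openssl"], "required"),
    "git":     (["libcurl"], "optional"),
    "pip":     (["python3"], "optional"),
    "vim":     ([], "optional"),
}

# Constructed vulnerability information: (name, affected package, security level)
VULNS = [("VULN-A", "openssl", "high"), ("VULN-B", "vim", "low")]

# Assumed security level -> vulnerability threat coefficient table
THREAT = {"low": 0.2, "medium": 0.5, "high": 0.8, "critical": 1.0}


def dependents_graph(packages):
    """Software dependency network, stored inverted: package -> packages that depend on it."""
    rev = {name: set() for name in packages}
    for name, (deps, _priority) in packages.items():
        for dep in deps:
            rev[dep].add(name)
    return rev


def dependency_subgraph(rev, vulnerable):
    """The vulnerable package plus everything that depends on it, directly or indirectly (BFS)."""
    seen, queue = {vulnerable}, deque([vulnerable])
    while queue:
        for dependent in rev[queue.popleft()]:
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return seen


def importance(node, rev, subgraph):
    """Assumed importance coefficient: share of the subgraph that (transitively) depends on the node, itself included."""
    return len(dependency_subgraph(rev, node) & subgraph) / len(subgraph)


def assess(packages, vulns):
    """Comprehensive risk value per vulnerability: sum over subgraph nodes of importance x node risk value."""
    rev = dependents_graph(packages)
    results = {}
    for name, package, level in vulns:
        subgraph = dependency_subgraph(rev, package)
        threat = THREAT[level]
        # Assumed per-node risk value: the threat coefficient, propagated unchanged to every dependent.
        node_risk = {n: threat for n in subgraph}
        results[name] = round(sum(importance(n, rev, subgraph) * node_risk[n] for n in subgraph), 3)
    return results
```

With the constructed data, the openssl vulnerability scores far higher than the vim one with the same formula, because four other packages sit above openssl in the subgraph while vim has no dependents.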
Claims (6)
1. A system vulnerability risk assessment method, characterized by comprising:
preprocessing the software package dependency metadata of a software system and constructing a software dependency network, where the software package dependency metadata is the file that records the information of all software packages in the software system;
obtaining vulnerability information and constructing the association between vulnerabilities and software packages from that information;
assessing the security risk that a vulnerability poses to the whole software system, comprising: calculating an importance coefficient for each node in the software package dependency subgraph; determining the threat coefficient of the vulnerability; calculating the vulnerability risk value of each node from that threat coefficient; and calculating a comprehensive vulnerability risk value from the importance coefficient and the vulnerability risk value of each node.
2. The system vulnerability risk assessment method according to claim 1, characterized in that, according to the software dependency network and the association between vulnerabilities and software packages, the software package that has the vulnerability and the other software packages that depend on it directly or indirectly are queried, and a software package dependency subgraph is constructed from them.
3. The system vulnerability risk assessment method according to claim 2, characterized in that the importance level of each node in the software package dependency subgraph is determined.
4. The system vulnerability risk assessment method according to claim 1, characterized in that determining the threat coefficient of the vulnerability comprises determining the security level corresponding to the vulnerability and determining the corresponding threat coefficient according to that security level.
5. The system vulnerability risk assessment method according to claim 1, characterized in that the software package information includes the package name, the packages it depends on, and its priority.
6. The system vulnerability risk assessment method according to claim 1, characterized in that the vulnerability information includes the vulnerability name, the affected software package, the security level and the vulnerability description.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711499840.7A CN109977678A (en) | 2017-12-28 | 2017-12-28 | A kind of system vulnerability methods of risk assessment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711499840.7A CN109977678A (en) | 2017-12-28 | 2017-12-28 | A kind of system vulnerability methods of risk assessment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109977678A true CN109977678A (en) | 2019-07-05 |
Family
ID=67075650
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711499840.7A Pending CN109977678A (en) | 2017-12-28 | 2017-12-28 | A kind of system vulnerability methods of risk assessment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109977678A (en) |
Events
- 2017-12-28: CN application CN201711499840.7A filed (published as CN109977678A), status Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112632555A (en) * | 2020-12-15 | 2021-04-09 | 国网河北省电力有限公司电力科学研究院 | Node vulnerability scanning method and device and computer equipment |
CN114826691A (en) * | 2022-04-02 | 2022-07-29 | 深圳市博博信息咨询有限公司 | Network information safety intelligent analysis early warning management system based on multi-dimensional analysis |
CN114826691B (en) * | 2022-04-02 | 2023-08-18 | 上海硕曜科技有限公司 | Network information security intelligent analysis early warning management system based on multidimensional analysis |
CN115080985A (en) * | 2022-07-27 | 2022-09-20 | 北京北大软件工程股份有限公司 | Large-scale code static analysis method and system based on block |
Similar Documents
Publication | Title |
---|---|
US11336465B2 (en) | Sending cross-chain authenticatable messages |
EP3479519B1 (en) | Dynamic access control on blockchain |
CN109977678A (en) | A kind of system vulnerability methods of risk assessment |
Hu et al. | Review of cyber-physical system architecture |
Li et al. | Research on secure localization model based on trust valuation in wireless sensor networks |
CN112364317B (en) | Internet of things fog environment management architecture and method based on blockchain technology |
CN104067280A (en) | System and method for detecting a malicious command and control channel |
CN102333096B (en) | Creditworthiness control method and system for anonymous communication system |
Goettelmann et al. | A security risk assessment model for business process deployment in the cloud |
CN111090386B (en) | Cloud storage method, device, system and computer equipment |
WO2008011576A3 (en) | System and method of securing web applications across an enterprise |
CN112738139B (en) | Cross-link access control method and device |
CN105447388A (en) | Android malicious code detection system and method based on weight |
Mohamed et al. | IoT security: review and future directions for protection models |
CN102223627A (en) | Beacon node reputation-based wireless sensor network safety locating method |
CN114465730A (en) | Internet of things equipment mutual authentication method and device based on block chain technology |
CN109067709A (en) | A kind of Vulnerability Management method, apparatus, electronic equipment and storage medium |
CN106487505A (en) | Key management, acquisition methods and relevant apparatus and system |
CN108900328A (en) | A kind of electricity grid network data safety test macro and method |
CN103581202B (en) | The trade company of identity-based authentication platform makes board cross-certification method |
WO2010019461A3 (en) | Method and apparatus for critical infrastructure protection |
CN111194441B (en) | Data management method and related system based on block chain |
CN110471849B (en) | Block chain resource management test method and system, storage medium and terminal |
CN113037754A (en) | Block chain-based safety management system and management method for specific crowd aggregation |
Chen et al. | Intrusion tolerant control for warship systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190705 |