计算机科学 ›› 2011, Vol. 38 ›› Issue (6): 169-172.
• 软件工程 • 上一篇 下一篇
李 艺,李新明,崔云飞
出版日期:
发布日期:
基金资助:
LI Yi,LI Xin-ming,CUI Yun-fei
Online:
Published:
摘要: 软件脆弱性的危险程度是对软件脆弱性被利用来攻击系统的潜在危险的度量。在分析目前已知的相关评价方法及其局限性的基础上,提出了根据脆弱性影响的严重程度和脆弱性可利用性来评佑脆弱性危险程度的分析框架,并基于模糊理论,提出了软件脆弱性危险程度评估的量化模型,建立了模糊测评因素关联隶属关系的递阶层次结构,并重点分析了基于模糊集的指标量化、基于模糊关系矩阵的指标权重的确定和软件脆弱性危险程度的综合评价方法。最后,给出了模型的应用与实现。
关键词: 软件脆弱性,影响,危险程度,评估,模糊理论
Abstract: The criticality of software vulnerability is the measurement of the potential risk of which the software vulner-ability may be taken advantage for attacking the system. Based on analysis of current evaluation methods and their limitation, an analysis framework for evaluating the citicality of software vulnerability was proposed, according to the impact severity and probability of vulnerability. Based on fuzzy theory, the quantification model for evaluating the criticality of software vulnerability was proposed and the hierarchy of fuzzy evaluation factors’relationship and membership was established. The fuzzy set based indices quantification, the fuzzy relational matrix-based indices weight value and the general evaluation method for software vulnerability criticality were emphasized. At last, the application and implement of the evaluating model were given.
Key words: Software vulnerability, Impact, Criticality, Evaluation, Fuzzy theory
李 艺,李新明,崔云飞. 软件脆弱性危险程度量化评估模型研究[J]. 计算机科学, 2011, 38(6): 169-172. https://doi.org/
LI Yi,LI Xin-ming,CUI Yun-fei. Research of Evaluating Model on the Criticality of Software Vulnerability[J]. Computer Science, 2011, 38(6): 169-172. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2011/V38/I6/169
Cited
首页