| 基于CVE的安全脆弱性数据库系统的扩展设计 |
| |
| 引用本文: | 汪生 孙乐昌. 基于CVE的安全脆弱性数据库系统的扩展设计[J]. 微电子学与计算机, 2005, 22(10): 152-155 |
| |
| 作者姓名: | 汪生 孙乐昌 |
| |
| 作者单位: | 解放军电子工程学院网络系,安徽合肥230037 |
| |
| 摘 要: | 针对现有脆弱性数据库存在的不足.文章通过引入CVE的数据兼容机制.按照管理脆弱性数据和服务安全工具并重的原则,提出并扩展设计了一类通用性更好的安全脆弱性数据库系统.可以支持集脆弱性探测、漏洞存储、安全评估于一体的多项应用。此外.对其管理维护和应用访问接口进行了讨论.最后给出了该库在已实现的分布式脆弱性扫描系统和安全评估系统中的具体应用.
|
| 关 键 词: | 脆弱性数据库 CVE 扫描系统 安全评估系统 |
| 文章编号: | 1000-7180(2005)10-152-04 |
| 收稿时间: | 2005-03-07 |
| 修稿时间: | 2005-03-07 |
Extended Design of a CVE Based on Security Vulnerability Database System |
| |
| WANG Sheng, SUN Le-chang. Extended Design of a CVE Based on Security Vulnerability Database System[J]. Microelectronics & Computer, 2005, 22(10): 152-155 |
| |
| Authors: | WANG Sheng SUN Le-chang |
| |
| Affiliation: | Department of Network, PLA Electronic Engineering Institute, Hefei 230037 China |
| |
| Abstract: | According to the defect of current vulnerability databases, an extended design of more universal security vulnerability database system is proposed and given with the principle of both managing vulnerability data and serving security tools, which is CVE-compatible and can be used to support vulnerability detection, storing weakness, security evaluation and so on. The management and API of the system are also discussed, and finally its actual application is presented in the realized distributed vulnerability scanner system and security evaluation system. |
| |
| Keywords: | Vulnerability database Common Vulnerabilities and Exposures (CVE) Scanner system Security evaluation system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
