| 国家电网边缘计算应用安全风险评估研究 |
| |
| 引用本文: | 郭昊,何小芸,孙学洁,陈红松,刘周斌,颉靖.国家电网边缘计算应用安全风险评估研究[J].计算机工程与科学,2020,42(9):1563-1571. |
| |
| 作者姓名: | 郭昊 何小芸 孙学洁 陈红松 刘周斌 颉靖 |
| |
| 作者单位: | (1.全球能源互联网研究院有限公司,北京 102209;2.信息网络安全国家电网重点实验室,北京 102209;
3.北京科技大学计算机与通信工程学院,北京 100083;4.国网浙江省电力有限公司电力科学研究院,浙江 杭州 310014;
5.国家工业信息安全发展研究中心国防电子所,北京 100040) |
| |
| 摘 要: | 依据国家网络安全等级保护与风险评估系列标准以及电力信息系统特点,提出国家电网边缘计算应用安全的风险评估模型,然后采用漏洞扫描工具AWVS、AppScan分别对集成最新安全漏洞的开源Web应用靶机软件BWAPP进行安全漏洞评测与风险评估实验,再运用模糊层次分析法对Web应用安全进行综合安全评价。针对应用程序的安全检测实验结果整理安全评估数据,实现对国家电网边缘计算应用安全风险评估的实例化验证。
|
| 关 键 词: | 边缘计算 应用安全 风险评估 |
| 收稿时间: | 2019-10-14 |
| 修稿时间: | 2020-04-10 |
Application security risk assessment of state grid edge computing |
| |
| GUO Hao,HE Xiao-yun,SUN Xue-jie,CHEN Hong-song,LIU Zhou-bin,XIE Jing.Application security risk assessment of state grid edge computing[J].Computer Engineering & Science,2020,42(9):1563-1571. |
| |
| Authors: | GUO Hao HE Xiao-yun SUN Xue-jie CHEN Hong-song LIU Zhou-bin XIE Jing |
| |
| Affiliation: | (1.Global Energy Interconnection Research Institute Co.,Ltd.,Beijing 102209;
2.State Grid Key Laboratory of Information & Network Security,Beijing 102209;
3.School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083;
4.State Grid Zhejiang Province Electric Power Research Institute,Hangzhou 310014;
5.Defense Electronics Institute,China Industrial Control System Cyber Emergency Response Team,Beijing 100040,China) |
| |
| Abstract: | According to a series of the national cyber security level protection and risk assessment standards and the characteristics of electric power information systems, a risk assessment model for application security of state grid edge computing is proposed. Then, the vulnerability scanning tools AWVS and AppScan are used to target security vulnerability evaluation and risk assessment experiments on the open source web application target software BWAPP that integrates the latest security vulnerabilities. Finally, the fuzzy analytic hierarchy method is used to comprehensively evaluate the security of Web application security. Based on the test results of the application security, the security assessment data are compiled to realize the verification of the application security risk assessment of the state grid edge computing. |
| |
| Keywords: | edge computing application security risk assessment |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
