| 基于特权提升的多维量化属性弱点分类法的研究 |
| |
| 引用本文: | 张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. |
| |
| 作者姓名: | 张永铮 云晓春 胡铭曾 |
| |
| 作者单位: | 哈尔滨工业大学,计算机网络与信息安全技术研究中心,黑龙江,哈尔滨,150001 |
| |
| 基金项目: | 国防“十五”预研基金资助项目(413150701) |
| |
| 摘 要: | 在分析国际上典型的弱点分类方法的基础上,提出了一种基于特权提升的多维量化属性的弱点分类法,并以三个弱点为例,分析了该弱点分类法的特点,给出了弱点的风险评估算式以及风险评估级的划分。
|
| 关 键 词: | 网络安全 计算机弱点 弱点分类 特权提升 风险评估 |
| 文章编号: | 1000-436X(2004)07-0107-08 |
| 修稿时间: | 2004年2月10日 |
Research on privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute |
| |
| ZHANG Yong-zheng,YUN Xiao-chun,HU Ming-zeng.Research on privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute[J].Journal on Communications,2004,25(7):107-114. |
| |
| Authors: | ZHANG Yong-zheng YUN Xiao-chun HU Ming-zeng |
| |
| Abstract: | On the basis of analyzing of research achievements of typical vulnerability taxonomies in the world, a privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute is presented in this paper. Then we give examples of three vulnerabilities to illustrate the characteristics of this taxonomy, and present the risk evaluation formula and ranks of the evaluation level of risk. |
| |
| Keywords: | network security computer vulnerability vulnerability taxonomy privilege escalation risk evaluation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
