| 密码产品安全风险评估技术研究 |
| |
| 引用本文: | 帅飞,李俊全,尤娟.密码产品安全风险评估技术研究[J].计算机工程与设计,2012,33(4):1290-1294. |
| |
| 作者姓名: | 帅飞 李俊全 尤娟 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院,河南郑州,450004 |
| |
| 摘 要: | 为了保证密码产品风险评估的客观性和准确性,提出了基于威胁分析的定量密码产品安全风险评估方法.针对现有基于安全威胁分析的风险评估方法中,安全威胁概率大都依靠专家经验确定的不足,引入贝叶斯理论,在安全威胁分析和安全防护措施分级的基础上,根据安全威胁和安全防护措施因果关系构建贝叶斯评估网络,计算安全威胁生效概率和产品安全风险值.应用该方法对HAIPE进行了风险评估,实验结果表明了该方法的有效性和合理性.
|
| 关 键 词: | 密码产品 安全威胁 安全措施 贝叶斯网络 安全风险评估 |
Research on security risk assessment technology of cryptographic product |
| |
| SHUAI Fei
,
LIJun-quan
,
YOU Juan.Research on security risk assessment technology of cryptographic product[J].Computer Engineering and Design,2012,33(4):1290-1294. |
| |
| Authors: | SHUAI Fei LIJun-quan YOU Juan |
| |
| Affiliation: | (Institute of Electronic Technology,PLA Information Engineering University,Zhengzhou 450004,China) |
| |
| Abstract: | To ensure objectivity and accuracy of the cryptographic product risk assessment,a quantitative risk assessment method based on threat analysis is proposed.According to the shortcoming of threat probability dependence on expert experience in security risk assessment method based on security threat analysis.On the basis of threat analysis and security measure classification,the method calculates the security threat available-probability and security risk value of cryptographic products by the Bayesian network,which is built on the causality between security threats and measures.Finally,the method is used to assess the security risk of HAIPE,test and verify the availability and rationality of the proposed method. |
| |
| Keywords: | cryptographic product security threat security measure Bayesian network security risk assessment |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
