| 主流操作系统安全弱点的综合量化评估 |
| |
| 引用本文: | 张永铮,方滨兴,云晓春.主流操作系统安全弱点的综合量化评估[J].高技术通讯,2007,17(4):331-336. |
| |
| 作者姓名: | 张永铮 方滨兴 云晓春 |
| |
| 作者单位: | 1. 中科院计算所,信息智能与信息安全研究中心,北京,100080
2. 哈尔滨工业大学,计算机网络与信息安全研究技术中心,哈尔滨,150001 |
| |
| 基金项目: | 国家自然科学基金
,
国家高技术研究发展计划(863计划)
,
国防科技预研项目 |
| |
| 摘 要: | 在前期研究工作的基础上,将基于指数的微观分析和基于风险和的宏观分析相结合,提出了一种综合量化评估主流操作系统安全弱点的方法,并对Windows NT、Redhat Linux和Solaris等3大主流操作系统6个版本的1081个弱点实施了评估.该方法能够有效地分析各操作系统版本的演进对其安全性的影响,以及横向比较操作系统在不同层次、不同方面的安全状况.
|
| 关 键 词: | 系统安全 弱点评估 量化评估 弱点关联 操作系统 |
| 收稿时间: | 2006-04-10 |
| 修稿时间: | 2006-04-10 |
Integrated quantitative assessment of mainstream operating systems' security vulnerabilities |
| |
| Zhang Yongzheng,Fang Binxing,Yun Xiaochun.Integrated quantitative assessment of mainstream operating systems'''' security vulnerabilities[J].High Technology Letters,2007,17(4):331-336. |
| |
| Authors: | Zhang Yongzheng Fang Binxing Yun Xiaochun |
| |
| Affiliation: | 1Research Center of Information Intelligent and Information Security, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080;2Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin 150001 |
| |
| Abstract: | On the basis of the previous research work, this paper combines the index-based micro-analysis with the risk sum based macro-analysis to propose an integrated method for quantitative assessment of mainstream operating systems' security vulnerabilities, and evaluates 1081 vulnerabilities related to six versions of three mainstream operating systems Windows NT, RedHat Linux and Solaris. This method can be used to effectively analyze the influences of the evolution of the operating systems on their security and compare the security status of the systems from various aspects on various levels. |
| |
| Keywords: | system security vulnerability assessment quantitative evaluation vulnerability correlation operating system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
