| 基于攻击树的安全芯片穿透性測试评估 |
| |
| 引用本文: | 张俊彦,陈清明.基于攻击树的安全芯片穿透性測试评估[J].计算机工程,2014(6):115-119,124. |
| |
| 作者姓名: | 张俊彦 陈清明 |
| |
| 作者单位: | 上海市信息安全测评认证中心,上海200011 |
| |
| 基金项目: | 质检公益性行业科研专项基金资助项目(201310033). |
| |
| 摘 要: | 随着安全芯片应用范围的不断扩大和应用环境的日趋复杂,需要通过穿透性测试验证芯片的安全性,同时有必要对测试进行评估。为此,提出一种基于攻击树模型的安全芯片穿透性测试评估方法。分析安全芯片的穿透性测试过程,采用攻击树模型作为穿透性测试的描述模型,在此基础上提出攻击事件的多属性赋值方法、攻击代价的推算方法和攻击路径的分析方法。应用结果表明,该方法可准确评估安全芯片穿透性测试结果。
|
| 关 键 词: | 安全芯片 穿透性测试 攻击树 攻击代价 攻击路径 非侵入式攻击 半侵入式攻击 |
Penetration Testing Evaluation of Security Chip Based on Attack Tree |
| |
| ZHANG Jun-yan,CHEN Qing-ming.Penetration Testing Evaluation of Security Chip Based on Attack Tree[J].Computer Engineering,2014(6):115-119,124. |
| |
| Authors: | ZHANG Jun-yan CHEN Qing-ming |
| |
| Affiliation: | (Shanghai Information Security Testing Evaluation and Certification Center, Shanghai 200011, China) |
| |
| Abstract: | As the range of applications for the security chip continues to expand and the application environment is increasingly complex, the penetration testing of security chip is necessary, and the testing evaluation is also necessary. So this paper proposes a method of penetration testing the security chip based on attack tree. It analyzes the testing process for the penetration testing to the security chip and adopts the multi-attribute utility of attacks event. It proposes a quantitative calculating method of attack cost and an attack path analysis method. Application results show that the method is objective and effective. It can provide guidance for the implementation of the security chip penetration testing, and make rules for chip security measures. |
| |
| Keywords: | security chip penetration testing attack tree attack cost attack route non-invasive attack semi-invasive attack |
| 本文献已被 维普 等数据库收录! |
