| 基于OVAL的新型漏洞评估系统 |
| |
| 引用本文: | 陈秀真,李建华. 基于OVAL的新型漏洞评估系统[J]. 小型微型计算机系统, 2007, 28(9): 1554-1557 |
| |
| 作者姓名: | 陈秀真 李建华 |
| |
| 作者单位: | 上海交通大学,信息安全工程学院,上海,200240 |
| |
| 摘 要: | 漏洞评估技术基于防患于未然思想,采用主动探测方法发现系统存在的安全漏洞并提供相应解决方案.针对目前漏洞评估系统存在误报率高、扫描时间长且需要开发攻击代码的缺点,本文提出一种基于OVAL的新型漏洞评估系统.该系统由控制台、数据中心和检测代理3大模块组成,这三个模块协同实现漏洞评估.与现有漏洞评估系统相比,具有精度高、对目标系统性能影响小、评估时间短和可扩展性强的优点,而且免除传统漏洞评估系统所需的攻击代码开发工作.
|
| 关 键 词: | 漏洞评估 检测代理 控制台 |
| 文章编号: | 1000-1220(2007)09-1554-04 |
| 修稿时间: | 2006-06-13 |
A Novel Vulnerability Assessment System Based on OVAL |
| |
| CHEN Xiu-zhen,LI Jian-hua. A Novel Vulnerability Assessment System Based on OVAL[J]. Mini-micro Systems, 2007, 28(9): 1554-1557 |
| |
| Authors: | CHEN Xiu-zhen LI Jian-hua |
| |
| Affiliation: | School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China |
| |
| Abstract: | The main intention of vulnerability assessment technology is to find existed vulnerabilities hidden in the networked systems by active probing and to provide corresponding solutions before hackers exploit them. It is based on the idea of nip in the bud. The most vulnerability assessment systems have shortcomings of high false rate, long-term scanning period and using exploit code. Aimed at these shortcomings, a novel model of vulnerability assessment based on open vulnerability assessment language is proposed in this paper. The proposed system consists of three modules: central console, checking agent and data center, which corporate to achieve vulnerability assessment. Compared with other vulnerability assessment systems, it is of high precision, low impact on the audited system performance, short term scanning period and strong scalability. Moreover, it avoids the work of developing exploit code required by traditional vulnerability assessment systems. |
| |
| Keywords: | OVAL |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
