| 一种适用于配置漏洞的安全配置评估系统 |
| |
| 引用本文: | 杨文杰,蔡勉.一种适用于配置漏洞的安全配置评估系统[J].计算机与现代化,2012(8):71-76. |
| |
| 作者姓名: | 杨文杰 蔡勉 |
| |
| 作者单位: | 北京工业大学计算机学院,北京,100124 |
| |
| 摘 要: | 为了对大量存在的配置漏洞进行风险评估从而做出相应的补救措施,以使可能的损失降到最低,本文首先研究通用漏洞评估系统(CVSS)的评估体系,然后结合配置设置自身的特点,对CVSS标准进行修改,提出适用于配置漏洞评估的安全配置评估系统(SCVSS),并通过CCE的配置实例验证了SCVSS的正确性。SCVSS是一种有效的配置评估系统。
|
| 关 键 词: | 配置漏洞 安全 通用漏洞评估系统 配置评估 |
A Security Configuration Scoring System Applying for Configuration Vulnerabilities |
| |
| YANG Wen-jie
,
CAI Mian.A Security Configuration Scoring System Applying for Configuration Vulnerabilities[J].Computer and Modernization,2012(8):71-76. |
| |
| Authors: | YANG Wen-jie CAI Mian |
| |
| Affiliation: | (College of Computer,Beijing University of Technology,Beijing 100124,China) |
| |
| Abstract: | In order to score configuration vulnerabilities existed in large number,and then make the corresponding remedial measures so as to minimize the possible losses,this article researches on common vulnerabilities scoring system firstly,and then modifies the specification of CVSS according to the characteristic of configuration setting.At last,it proposes a security configuration scoring system applied for configuration vulnerabilities and proves the correction of SCVSS using the configuration items of Common Configuration Enumeration.SCVSS is an effective configuration scoring system. |
| |
| Keywords: | configuration vulnerabilities security common vulnerabilities scoring system configuration scoring |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
