计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (34): 85-88.DOI: 10.3778/j.issn.1002-8331.2010.34.027

• 网络、通信、安全 • 上一篇    下一篇

一种面向网络环境属性的安全风险分析框架

陈宇峰1,2,向郑涛1,蒋伟荣1,简 炜1   

  1. 1.湖北汽车工业学院 电气与信息工程学院,湖北 十堰 442002
    2.浙江大学 计算机科学与技术学院,杭州 310027
  • 收稿日期:2009-04-08 修回日期:2009-06-12 出版日期:2010-12-01 发布日期:2010-12-01
  • 通讯作者: 陈宇峰

Security risk analysis framework based on network environment attributes

CHEN Yu-feng1,2,XIANG Zheng-tao1,JIANG Wei-rong1,JIAN Wei1   

  1. 1.School of Electrical and Information Engineering,Hubei University of Automotive Technology,Shiyan,Hubei 442002,China
    2.College of Computer Science and Technology,Zhejiang University,Hangzhou 310027,China
  • Received:2009-04-08 Revised:2009-06-12 Online:2010-12-01 Published:2010-12-01
  • Contact: CHEN Yu-feng

摘要: 通过对网络环境中软硬件条件以及网络攻击机理的分析,提出了一种基于网络环境属性的安全风险分析框架。从软硬件条件的分析中得到环境因素集合;从参考模型和实际监测数据两种情况分析了环境因素引发风险的可能性;通过环境因素与风险后果的映射,分析了环境因素引发不同后果的风险严重性;并从安全边界的角度分析了具有关联性的环境风险和安全子因素所引发风险的可能性和严重性。通过实例说明,该框架能够系统化地分析网络安全风险。

关键词: 网络环境属性, 安全风险分析, 层次分析

Abstract: Based on the analysis of software and hardware of network environment and mechanism of attacks,a security risk analysis framework based on network environment attributes is proposed.The set of environment elements is obtained after analyzing the software and hardware.The probabilities of risks that environment elements may induce are analyzed with two circumstances,which are reference model and real monitor data.By mapping the environment elements and consequences,the risk severe induced by environment elements is analyzed.The risk probabilities and severe induced by related environment risk and security elements are investigated with security boundary.Experiments show that with the framework,network security risk analysis can be implemented systematically.

Key words: network environment attributes, security risk analysis, Analytic Hierarchy Process(AHP)

中图分类号: