A software security assessment system based on analysis of vulnerabilities

Cited by: 0
Authors
Sui, Chenmeng [1, 2]
Liu, Yanzhao [1]
Liu, Yun [2]
Affiliations
[1] China Information Technology Security Evaluation Center, Beijing
[2] Key Laboratory of Communication and Information Systems, Beijing Jiaotong University, Beijing
Keywords
CVSS; Quantitative scoring; Software security; SSAS; VRSS; Vulnerability analysis;
DOI
10.4156/jcit.vol7.issue6.26
CLC classification
TP39 [Computer applications];
Discipline code
081203 ; 0835 ;
Abstract
In recent years software security has come to play an important role in verifying system safety and in avoiding casualties and property losses, but system security is difficult to assess with traditional software engineering and software testing. This paper focuses on a software security assessment system built on vulnerability analysis, which combines qualitative and quantitative analysis to assess the security of software. The major domestic and foreign approaches to software security measurement are discussed. Through a comparative analysis of existing vulnerability rating systems, especially CVSS and VRSS, the paper identifies their respective advantages and proposes a more accurate rating system that yields a final security score for the software system. An example application is provided, showing that the proposed assessment system is practical.
Pages: 211 / 219
Page count: 8
References
14 entries in total
[1] Yamada S., Reliability/safety evaluation of software, Safety Eng, 33, pp. 432-441, (1994)
[2] Gwandu B.A.L., Creasey D.J., Using formal methods in design for reliability as applied to an electronic system that integrates software and hardware to perform a function, Microelectronics Reliability, 35, 8, pp. 1111-1124, (1995)
[3] Ma J., Research of electronic business security based on public key encryption methods, International Journal of Advancements in Computing Technology (IJACT), 4, 2, pp. 50-57, (2012)
[4] Jiang Y., Jiang D., The security assessment method of wireless sensor network with interval grey linguistic variables, International Journal of Advancements in Computing Technology (IJACT), 3, 10, pp. 85-91, (2011)
[5] He X., Jun Z., Chang L., A Survey on Research of Software Safety Test, Computer Measurement & Control, 19, 3, pp. 493-496, (2011)
[6] Wang A.J., Wang H., Guo M., Xia M., Security Metrics for Software Systems, Proceedings of ACMSE '09, March 19-21, (2009)
[7] Liu Q., Zhang Y., VRSS: A new system for rating and scoring vulnerabilities, Computer Communications, 34, pp. 264-273, (2011)
[8] Chambers J., Thompson J., Common Vulnerability Scoring System, (2004)
[9] Mell P., Scarfone K., Romanosky S., A Complete Guide to the Common Vulnerability Scoring System, (2007)
[10] Yong-Zheng Z., Xiao-Chun Y., Ming-Zeng H., Research on privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute, Journal of China Institute of Communications, 25, 7, pp. 102-110, (2004)