上海交通大学学报

上海交通大学学报(自然版)

• 自动化技术、计算机技术 • 上一篇    下一篇

基于全局权限图的网络风险评估模型

张保稳1,罗铮2,薛质1,银鹰1
  

  1. (1.上海交通大学 信息安全工程学院, 上海 200240; 2.公安部第三研究所, 上海 201204)
  • 收稿日期:2009-11-02 修回日期:1900-01-01 出版日期:2010-09-28 发布日期:2010-09-28

A Network Risk Assessment Model Based on Network Global Privilege Graph

ZHANG Baowen1,LUO Zheng2,XUE Zhi1,YIN Ying1
  

  1. (1. School of Information Security, Shanghai Jiaotong University, Shanghai 200240, China;
    2. Third Institute of the Ministry of Public Security of China, Shanghai 201204, China)
  • Received:2009-11-02 Revised:1900-01-01 Online:2010-09-28 Published:2010-09-28

摘要: 提出一种全局网络权限图的概念和生成方法,基于网络权限图建立了一种新的网络风险评估模型,结合虚构的网络环境,对上述生成算法和网络评估模型加以验证.结果表明:与常规评估方法相比,由于引入了漏洞的量化数据等网络安全配置信息,该方法的评估结果更为精确.

关键词: 网络安全, 风险评估

Abstract: A concept of global network privilege graph and its generation method were proposed. Then a novel network risk assessment model based on privilege graph was proposed. The algorithm and model were verified using a demonstrative network. The results show that the assessment achieved by the model is more exact than common methods because the model considers the quantitative data of vulnerabilities and other security configuration information.

中图分类号: