Software running security measurement and estimation method based on network environment

A software security and network environment technology, applied in the field of network information security analysis and evaluation, can solve problems such as lack, lack of pertinence, lack of test basis, etc., and achieve the effect of objective evaluation, good scalability, and flexible evaluation methods

Active Publication Date: 2012-11-28
CHINA INFORMATION TECH SECURITY EVALUATION CENT
View PDF4 Cites 43 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] (1) Corresponding software security analysis and evaluation work was not carried out during the software development cycle, resulting in incomplete software security requirements and a lack of tracking and control of system and software risks
[0004] (2) Lack of sufficient awareness of the application of software security testing in engineering
At present, although domestic software testing includes th...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software running security measurement and estimation method based on network environment
  • Software running security measurement and estimation method based on network environment
  • Software running security measurement and estimation method based on network environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] In order to make the above objectives, features and advantages of the present invention more obvious and understandable, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0023] Refer to figure 1 , figure 1 It is a step flow chart of the software security assessment embodiment in the network environment of the present invention, including the following steps: establishing a measurement system step S110, selecting software security assessment indicators; threat modeling step S120, modeling the threats faced by the software in the network environment ; Software security assessment step S130, based on the assessment indicators, using reliability-based software security assessment methods, vulnerability-based software security assessment methods, and risk-based software security assessment methods to perform security assessment on software facing threats in the network environment .

[0024] f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a software running security measurement and estimation method based on a network environment, and belongs to a network information security analysis and estimation technology. The method comprises the following steps of: constructing a measurement system, namely selecting a software security estimation index; performing threat modeling, namely modeling a threat of software under the network environment; and estimating the security of the software, namely performing security estimation on the software facing the threat under the network environment according to the estimation index through a software security estimation method based on reliability, a software security estimation method based on bug and a software security estimation method based on risk. The step of constructing the measurement system also comprises a substep of selecting the completeness, the non-repudiation, the confidentiality, the authorization, the availability and the identity checkability as the software security estimation indexes. By the method, the security bug and the risk of the software can be estimated in advance, so that a function and security module of the software can be immediately adjusted, and dangerous events can be effectively controlled and prevented.

Description

Technical field [0001] The present invention relates to network information security analysis and evaluation technology, and more specifically, to a software security evaluation method in a network environment. Background technique [0002] Nowadays, the software system under the network environment has penetrated into various fields such as national economy, national defense, and social life. It has changed people's traditional production and life style, and has become an indispensable necessity of human society. On the one hand, people are increasingly dependent on software, making software systems and functions more and more complex. On the other hand, due to the openness of the software development process and the uncertainty of the network environment, the software must be guaranteed Quality is getting harder and harder, such as system attacks and failures caused by software vulnerabilities, defects and failures, software system paralysis caused by the instantaneous mutation...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/00
Inventor 吴世忠赵向辉刘晖易锦刘彦钊张磊刘林吴润浦李娟
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap