Software running security measurement and estimation method based on network environment

A software security assessment technology for network environments, applied in the field of network information security analysis and evaluation. It addresses problems such as poorly targeted testing and a lack of test basis, and achieves good scalability, a flexible evaluation method and objective evaluation.

Active Publication Date: 2015-06-17
CHINA INFORMATION TECH SECURITY EVALUATION CENT

AI Technical Summary

Problems solved by technology

[0003] (1) Corresponding software security analysis and evaluation work was not carried out during the software development cycle, resulting in incomplete software security requirements and a lack of tracking and control of system and software risks.
[0004] (2) There is a lack of sufficient awareness of the application of software security testing in engineering. At present, although domestic software testing includes security testing as a test type, the testing is not very targeted, and the lack of a testing basis is also caused by the lack of comprehensive security requirements.
[0005] (3) Relevant domestic standards lack a complete description of software security testing technologies, which also affects the promotion and application of software security testing in the software verification process.


Examples


Embodiment Construction

[0022] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0023] Referring to Figure 1, which is a flow chart of the steps of the software security evaluation embodiment in the network environment of the present invention, the method includes the following steps: step S110 of establishing a measurement system, in which software security evaluation indicators are selected; threat modeling step S120, in which the threats faced by the software in the network environment are modeled; and software security assessment step S130, in which, based on the assessment indicators, the reliability-based software security assessment method, the vulnerability-based software security assessment method and the risk-based software security assessment method are used to perform a security assessment of software facing threats in the network environment. ...


Abstract

The invention discloses a method for measuring and estimating the security of running software in a network environment, and belongs to the field of network information security analysis and estimation technology. The method comprises the following steps: constructing a measurement system, namely selecting software security estimation indexes; performing threat modeling, namely modeling the threats faced by the software in the network environment; and estimating the security of the software, namely performing a security estimation of the software facing those threats in the network environment, according to the estimation indexes, by means of a reliability-based software security estimation method, a vulnerability-based software security estimation method and a risk-based software security estimation method. The step of constructing the measurement system also comprises a substep of selecting completeness, non-repudiation, confidentiality, authorization, availability and identity checkability as the software security estimation indexes. With this method, the security vulnerabilities and risks of the software can be estimated in advance, so that the functions and security modules of the software can be adjusted immediately, and dangerous events can be effectively controlled and prevented.

Description

Technical field

[0001] The present invention relates to network information security analysis and assessment technology, and more specifically, to a software security assessment method in a network environment.

Background technique

[0002] Nowadays, the software system under the network environment has penetrated into various fields such as the national economy, national defense, and social life. It has changed people's traditional production and lifestyle, and has become an indispensable necessity for human society. On the one hand, people's dependence on software is getting higher and higher, making software systems and functions more and more complex; Quality is becoming more and more difficult, such as system attacks and failures caused by software vulnerabilities, defects and failures, software system paralysis caused by instantaneous mutations in the number of concurrent users of the system, and privacy leaks caused by malicious behaviors of rogue software. Hidden da...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
Inventor 吴世忠, 赵向辉, 刘晖, 易锦, 刘彦钊, 张磊, 刘林, 吴润浦, 李娟
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT