Risk assessment method and apparatus for software system vulnerability

A software system vulnerability risk assessment technology, applied in the field of information security, addresses the problem that existing methods cannot comprehensively assess the security risks of a software system, and makes the assessed security risk intuitive and accurate.

Inactive Publication Date: 2015-11-11
北京系统工程研究所

Problems solved by technology

[0010] Existing software system security risk assessment methods cannot comprehe


Examples

Embodiment 1

[0034] An embodiment of the present invention provides a software system vulnerability risk assessment method. As shown in Figure 1, the method includes:

[0035] S11. Preprocess the software package dependency metadata of the software system to construct a software dependency network, where the software package dependency metadata is a file recording the information of all software packages in the software system.

[0036] For example, in an Ubuntu system the file /dists/lucid/main/binary-i386/Packages.gz holds this metadata; from it the information of each software package in the system can be obtained, including the package name, the packages it depends on, its priority, and so on.

[0037] From the software package information, construct the dependency network graph G(V, E) of all software packages in the system, that is, the software dependency network, where V represents the set of all nodes in the graph and E represents the set o...

Embodiment 2

[0066] This embodiment provides a software system vulnerability risk assessment device. As shown in Figure 7, the device includes:

[0067] a dependency network construction unit 11, configured to preprocess the software package dependency metadata of the software system and build a software dependency network, where the software package dependency metadata is a file recording the information of all software packages in the software system;

[0068] an association relationship construction unit 12, configured to acquire vulnerability information and, according to that information, construct the association between each vulnerability and the software package it affects;

[0069] a dependency subgraph construction unit 13, configured to query the software packages that have vulnerabilities, and the other software packages that directly or indirectly depend on them, according to the software dependency network and the association between...


Abstract

Embodiments of the present invention disclose a risk assessment method and apparatus for software system vulnerability, and relate to the technical field of information security, solving the problems in the prior art that comprehensive assessment on security risks in a software system cannot be performed visually and accurately. The risk assessment method for software system vulnerability comprises: preprocessing software package dependency metadata in a software system and establishing a software dependency network; obtaining vulnerability information, and according to the vulnerability information, constructing an association relationship between vulnerability and software packages; according to the software dependency network and the association relationship between vulnerability and software packages, searching for a software package with vulnerability and other software packages that directly or indirectly depend on the software package, and constructing a software package dependency relationship subgraph; based on importance of each node in the software package dependency relationship subgraph, assessing a security risk imposed by the vulnerability on the entire software system. The method and the apparatus provided by the embodiments of the present invention are mainly used for assessing a risk of vulnerability of a complex software system.
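The four steps summarized in the abstract (and begun as S11 in Embodiment 1), as an added worked example that is not the patent's own code: it parses a constructed excerpt in the Ubuntu Packages stanza format, builds the dependency graph G(V, E), links constructed vulnerability records (hypothetical identifiers VULN-A and VULN-B, not real ones) to packages, extracts the subgraph of packages that depend directly or transitively on each vulnerable package, and scores the risk to the whole system from node importance. The importance measure (Debian priority weight scaled by the number of direct dependents) and the risk formula (severity times the subgraph's share of total importance) are assumptions chosen for illustration; the patent text on this page does not specify them.

```python
import re
from collections import defaultdict, deque

# Constructed excerpt in the stanza format of a Packages file (not real metadata).
PACKAGES_METADATA = """\
Package: libc6
Priority: required
Depends: libgcc1

Package: libgcc1
Priority: required

Package: openssl
Priority: optional
Depends: libc6 (>= 2.11), libssl1.0.0

Package: libssl1.0.0
Priority: important
Depends: libc6 (>= 2.11)

Package: curl
Priority: optional
Depends: libc6, libssl1.0.0 | libgnutls26, libcurl3

Package: libcurl3
Priority: optional
Depends: libc6, libssl1.0.0
"""

# Constructed vulnerability records with hypothetical identifiers (not real CVEs).
VULNERABILITIES = [
    {"id": "VULN-A", "package": "libssl1.0.0", "severity": 0.9},
    {"id": "VULN-B", "package": "libgcc1", "severity": 0.4},
]

# Assumed importance weight per Debian priority field (not taken from the patent).
PRIORITY_WEIGHT = {"required": 1.0, "important": 0.8, "standard": 0.6,
                   "optional": 0.4, "extra": 0.2}


def parse_packages(text):
    """S11 (preprocessing): parse Packages stanzas into {name: {priority, depends}}.
    Version constraints such as 'libc6 (>= 2.11)' are dropped and every
    alternative in 'a | b' is kept as a potential dependency."""
    packages = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        deps = set()
        for field in ("Pre-Depends", "Depends"):
            for group in fields.get(field, "").split(","):
                for alternative in group.split("|"):
                    name = alternative.strip().split(" ")[0]
                    if name:
                        deps.add(name)
        packages[fields["Package"]] = {
            "priority": fields.get("Priority", "optional"), "depends": deps}
    return packages


def build_dependency_network(packages):
    """S11: directed graph G(V, E); an edge u -> v means u depends on v.
    Dependencies on packages absent from the metadata are ignored."""
    return {name: {d for d in info["depends"] if d in packages}
            for name, info in packages.items()}


def reverse_edges(graph):
    """Map each package to the packages that depend on it directly."""
    dependents = defaultdict(set)
    for pkg, deps in graph.items():
        for dep in deps:
            dependents[dep].add(pkg)
    return dependents


def transitive_dependents(graph, start):
    """S13: every package that directly or indirectly depends on `start`
    (breadth-first search over the reversed edges)."""
    rev = reverse_edges(graph)
    seen, queue = set(), deque([start])
    while queue:
        for parent in rev[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def node_importance(packages, graph):
    """Assumed importance: priority weight scaled by the number of direct
    dependents in the full network (a hub many packages rely on outweighs a leaf)."""
    rev = reverse_edges(graph)
    return {name: PRIORITY_WEIGHT.get(info["priority"], 0.4) * (1 + len(rev[name]))
            for name, info in packages.items()}


def assess_risk(packages_text, vulnerabilities):
    """S12 + S14: map each vulnerability to its package, build the dependency
    subgraph rooted there, and score system-wide risk as severity times the
    share of total node importance inside the subgraph (result lies in [0, 1])."""
    packages = parse_packages(packages_text)
    graph = build_dependency_network(packages)
    importance = node_importance(packages, graph)
    total = sum(importance.values())
    results = {}
    for vuln in vulnerabilities:
        pkg = vuln["package"]
        if pkg not in graph:
            continue  # S12: the vulnerability affects no package in this system
        subgraph = transitive_dependents(graph, pkg) | {pkg}
        share = sum(importance[n] for n in subgraph) / total
        results[vuln["id"]] = {"package": pkg, "subgraph": sorted(subgraph),
                               "risk": vuln["severity"] * share}
    return results


if __name__ == "__main__":
    for vid, r in assess_risk(PACKAGES_METADATA, VULNERABILITIES).items():
        print(f"{vid} in {r['package']}: risk={r['risk']:.3f}, subgraph={r['subgraph']}")
```

On the constructed data, VULN-B scores higher than VULN-A despite its lower severity, because libgcc1 sits at the root of the dependency tree and every package lies in its reverse closure; that is the effect of weighting a vulnerability by its position in the dependency network rather than by severity alone.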

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a software system vulnerability risk assessment method and device.

Background

[0002] As software systems become more complex and larger in scale, modern software engineering methods such as componentized software development are increasingly adopted, and software systems are often not developed from scratch but heavily reference or depend on third-party software. This software exists in the form of software packages, components, function libraries, modules, Web services and so on; through consistent interface specifications, these parts interact by function calls, data transfers, module composition and the like, and together form large and complex software systems. The componentized software engineering development method is conducive to the reuse of components, and can quickly use existing components to build complex appli...

Claims


Application Information

IPC(8): G06F21/57, G06F21/56, H04L29/06
CPC: G06F21/56, G06F21/563, G06F21/577, H04L63/1433
Inventors: 王兵, 邓波, 李海龙, 赵亮, 王峰, 施寅生, 许帅
Owner 北京系统工程研究所