CN101674302A - Method and device for conducting security identification on information system - Google Patents

Publication number
CN101674302A
Authority
CN
China
Prior art keywords
value
threat
information system
assets
target information
Legal status
Pending
Application number
CN200910093975A
Other languages
Chinese (zh)
Inventor
何伟
谭曙光
Current Assignee
Lenovo Wangyu Technology Beijing Co Ltd
Original Assignee
Lenovo Wangyu Technology Beijing Co Ltd
Application filed by Lenovo Wangyu Technology Beijing Co Ltd
Priority to CN200910093975A
Publication of CN101674302A

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method and a device for performing security identification on an information system. The method includes the following steps: determining a target information system; according to the result of security threat modeling of the target information system, acquiring the security attribute value of each asset in the target information system and the quantized value of the corresponding threat; according to the quantized value of the threat, calculating the security information value of each asset in the target information system; according to the security information value of each asset and the weight value of each asset in the target information system, obtaining the security information value of the target information system; and looking up a preset security level list according to the security information value of the target information system to obtain the corresponding security level of the target information system. By quantifying the assets, threats and vulnerabilities in the information system and comprehensively considering the security risk in the information system, the embodiment meets the requirements of security identification for the information system.

Description

Method and device for performing security identification on an information system
Technical field
The present invention relates to the field of information security technology, and in particular to a method and a device for performing security identification on an information system.
Background
Information system security identification is the process of identifying, according to the relevant information security technology and management standards, security attributes such as the confidentiality, integrity and availability of an information system and of the information it processes, transmits and stores. The most important step in security identification is how to identify threats and quantify the likelihood that they occur. In the prior art, threat identification relies mainly on the technical experience of the information system's security assessors: a vulnerability scan of the information system yields vulnerability information, and the threats facing the system are determined from that information, for example by assigning different vulnerability risk levels according to the degree of threat.
In studying the prior art, the inventors found that existing security identification mainly works backwards from the vulnerability scan results of an information system to derive the threats the system faces. However, the threats an information system faces arise from defects in the design, construction, and operation and maintenance of the system and from event sources that may harm key assets in the information system, and these event sources cannot be identified solely from vulnerability scans of equipment (hardware, software). For example, unencrypted text information (not limited to weak passwords) commonly transmitted over a network cannot be detected as a vulnerability by vulnerability scanning, yet in the actual operating environment unencrypted data transmitted over the network may expose the system to the threat of information leakage. Therefore, existing threat identification based on vulnerability scanning can hardly meet the security identification requirements of an information system.
Summary of the invention
The purpose of the embodiments of the invention is to provide a method and a device for performing security identification on an information system, so as to solve the problem that existing threat identification based on vulnerability scanning can hardly meet the security identification requirements of an information system.
To solve the above technical problem, the embodiments of the invention provide the following technical solutions:
A method for performing security identification on an information system comprises:
Determining a target information system;
According to the result of performing security threat modeling on the target information system, obtaining the security attribute value of each asset in the target information system and the quantized value of the corresponding threat;
According to the quantized value of the threat, calculating the security information value of each asset in the target information system;
According to the security information value of each asset and the weight value of each asset in the target information system, obtaining the security information value of the target information system;
Looking up a preset security level list according to the security information value of the target information system to obtain the security level corresponding to the target information system.
Performing security threat modeling on the target information system comprises:
Analyzing the target information system to obtain the assets it contains;
Dividing the target information system into different functional modules according to its functions;
Obtaining the data flows in the target information system according to the interactions between the functional modules;
Predicting the threat corresponding to each data flow and the assets it affects.
Obtaining the security attribute value of each asset in the target information system comprises:
Determining the security attribute sub-values of each asset, the security attribute sub-values comprising a confidentiality value, an integrity value and an availability value;
Calculating the security attribute value of each asset according to the preset weights of the security attribute sub-values.
Obtaining the quantized value of the threat corresponding to each asset comprises:
Performing a vulnerability scan on each asset to obtain the vulnerability level value corresponding to each vulnerability in the asset;
Obtaining the attack factor value of each asset according to the vulnerability level values of the asset and the attack capability values needed to exploit the vulnerabilities;
Looking up a preset threat risk value table according to the threat corresponding to the asset to obtain the threat risk value corresponding to the threat;
Adding the threat risk value corresponding to the threat and the attack factor value to output the quantized value of the threat.
Calculating the security information value of each asset in the target information system according to the quantized value of the threat comprises:
Looking up the preset threat risk value table to obtain the potential loss score corresponding to the threat;
Multiplying the security attribute value by the potential loss score to output the potential threat loss value of the asset;
Multiplying the potential threat loss value by the quantized value of the threat to obtain the security information value of the asset.
The threat risk value table is a threat risk value table established according to the DREAD risk model;
The threat risk value comprises: a potential loss score, a reproducibility score, an exploitability score, an affected users score and a discoverability score.
A device for performing security identification on an information system comprises:
A determining unit, configured to determine a target information system;
A modeling unit, configured to perform security threat modeling on the target information system;
An acquiring unit, configured to obtain, according to the modeling result of the modeling unit, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat;
A computing unit, configured to calculate the security information value of each asset in the target information system according to the quantized value of the threat, and to obtain the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system;
A recognition unit, configured to look up a preset security level list according to the security information value of the target information system and obtain the security level corresponding to the target information system.
The modeling unit comprises:
An asset analysis unit, configured to analyze the target information system and obtain the assets it contains;
A functional module division unit, configured to divide the target information system into different functional modules according to its functions;
A data flow acquiring unit, configured to obtain the data flows in the target information system according to the interactions between the functional modules;
A threat prediction unit, configured to predict the threat corresponding to each data flow and the assets it affects.
The acquiring unit comprises a security attribute value obtaining unit, which specifically comprises:
A security attribute sub-value determining unit, configured to determine the security attribute sub-values of each asset, the security attribute sub-values comprising a confidentiality value, an integrity value and an availability value;
A security attribute value computing unit, configured to calculate the security attribute value of each asset according to the preset weights of the security attribute sub-values.
The acquiring unit comprises a quantized value obtaining unit, which specifically comprises:
A vulnerability scanning unit, configured to perform a vulnerability scan on each asset and obtain the vulnerability level value corresponding to each vulnerability in the asset;
An attack factor value acquiring unit, configured to obtain the attack factor value of each asset according to the vulnerability level values of the asset and the attack capability values needed to exploit the vulnerabilities;
A threat risk value acquiring unit, configured to look up a preset threat risk value table according to the threat corresponding to the asset and obtain the threat risk value corresponding to the threat;
A quantized value output unit, configured to add the threat risk value corresponding to the threat and the attack factor value and output the quantized value of the threat.
The computing unit comprises:
A potential loss score lookup unit, configured to look up the preset threat risk value table and obtain the potential loss score corresponding to the threat;
A potential threat loss value output unit, configured to multiply the security attribute value by the potential loss score and output the potential threat loss value of the asset;
A security information value acquiring unit, configured to multiply the potential threat loss value by the quantized value of the threat and obtain the security information value of the asset.
As can be seen, in the embodiments of the present invention, after the target information system is determined, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat are obtained according to the result of security threat modeling of the target information system; the security information value of each asset is calculated according to the quantized value of the threat; the security information value of the target information system is obtained according to the security information value of each asset and the weight value of each asset in the target information system; and a preset security level list is looked up according to the security information value of the target information system to obtain the corresponding security level. When the embodiments of the present application are used for security identification of an information system, the security of the system is not identified according to subjective factors such as the experience of security assessors; instead, the assets, threats and vulnerabilities in the information system are quantified and the security risks in the system are considered comprehensively. The requirements of security identification for the information system are therefore met, and a quantitative index is provided for the security of the information system.
Description of drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the first embodiment of the method of the present invention for performing security identification on an information system;
Fig. 2 is a flow chart of the second embodiment of the method of the present invention for performing security identification on an information system;
Fig. 3A is a structural diagram of a virtual site information management system on which security identification is performed using the security identification method of the present invention;
Fig. 3B is the data flow diagram of the virtual site information management system shown in Fig. 3A;
Fig. 4 is a block diagram of an embodiment of the device of the present invention for performing security identification on an information system.
Embodiment
The embodiments of the invention provide a method and a device for performing security identification on an information system.
In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the invention, and to make the above objects, features and advantages of the embodiments more apparent, the technical solutions in the embodiments are described in further detail below with reference to the drawings.
Referring to Fig. 1, which is a flow chart of the first embodiment of the method of the present invention for performing security identification on an information system:
Step 101: determine the target information system.
Step 102: according to the result of performing security threat modeling on the target information system, obtain the security attribute value of each asset in the target information system and the quantized value of the corresponding threat.
Step 103: according to the quantized value of the threat, calculate the security information value of each asset in the target information system.
Step 104: according to the security information value of each asset and the weight value of each asset in the target information system, obtain the security information value of the target information system.
Step 105: look up a preset security level list according to the security information value of the target information system, obtain the security level corresponding to the target information system, and end the current flow.
Referring to Fig. 2, which is a flow chart of the second embodiment of the method of the present invention for performing security identification on an information system; this embodiment takes a virtual site information management system as an example and shows the security identification process in detail:
Step 201: determine the target information system.
The target information system is the information system on which security identification is to be performed. For example, it can be the virtual site information management system mentioned in this embodiment, or any other information system that has security risks.
Step 202: analyze the target information system to obtain the assets it contains.
Taking the virtual site information management system as an example, the assets include all tangible and intangible assets involved in the normal operation of the system, such as hardware assets like the WEB server and database server that host the information system, and data assets like the user information, system data and externally published information stored in the database. In the security identification process, an asset is measured not by its economic value but by the weight that its three security attributes of integrity, confidentiality and availability carry in the information system. The security attributes of the assets reflect the security of the whole information system.
Step 203: divide the target information system into different functional modules according to its functions.
Taking the virtual site information system as an example, the system is divided into different functional modules in order to take inventory of its functions, business processes, architecture, physical deployment and the technologies used in building the information system, so that security identification information can subsequently be obtained from the interactions between the different functional modules.
Referring to Fig. 3A, which is a structural diagram of the virtual site information management system on which security identification is performed using the security identification method of the present invention. The information management system comprises a WEB server and WEB users who interact with the website application, and the website application also interacts with the database server. It follows that the functions implemented by the four functional modules obtained by dividing the virtual site information management system include: the system (website application) obtains the site information submitted by the user from the client (WEB user), performs certain analysis of the data on the Web server, and stores the analyzed information on the database server.
Step 204: obtain the data flows in the target information system according to the interactions between the functional modules.
Because assessors are subject to many subjective factors when directly analyzing the threats faced by static assets, whereas a data flow can be associated with each asset of the information system that it passes through, performing threat identification on the dynamic data flows and determining the assets affected by each threat is more objective, comprehensive and efficient.
On the basis of the functional module division of the virtual site information system in step 203, the data flows between the functional modules are further obtained according to the interactions between them; while obtaining the data flows, the trust boundaries between the functional modules can also be identified and a data flow diagram created.
Referring to Fig. 3, which is the data flow diagram of the virtual site information management system shown in Fig. 3A. There is a trust boundary between the server side and the client side of the information system; among the data flows inside the client side, or among the data flows inside the server side, the trust relationship is stronger. On the client side, each client has one data flow that crosses the trust boundary. As can be seen from Fig. 3, the information system has three data flows in total, as follows:
Data flow 1: user → data collection;
Data flow 2: data collection → data analysis;
Data flow 3: data analysis → storage.
Step 205: predict the threat corresponding to each data flow and the assets it affects.
Predicting the threats to the data flows mainly means analyzing each data flow of the information system obtained in step 204 from six security attribute aspects, namely authentication, data integrity, confidentiality, availability, non-repudiation and access authorization, and identifying the threats each data flow faces with respect to these six security attributes and the assets each threat affects. The three data flows are analyzed in turn below:
Data flow 1: user to data collection
When the user sends the data submitted at the client to the data collection process, a data tampering attack may occur; that is, data transmitted over the Internet may well be modified by an attacker, threatening the integrity of the information system's data assets. Another threat that may be faced is information leakage: the data may be read in transit by someone who should not have access rights, threatening the confidentiality of the information system's data assets.
Data flow 2: data collection to data analysis
A denial-of-service attack may occur on the data flow from data collection to data analysis: an attacker may prevent legitimate users from accessing the WEB server, threatening the availability of the information system's hardware assets.
Data flow 3: data analysis to storage
Data flow 3 is entirely contained within the trust boundary, so it is attacked to a lower degree than data flow 1. However, attackers of this data flow are more likely to come from inside the information system, so it can likewise be subject to information leakage attacks, threatening the confidentiality of the information system's data assets. In addition, if storage and data analysis are distributed on different hosts, the threats of information leakage and information tampering likewise arise, affecting the data assets of the system.
Step 206: determine the security attribute sub-values of each asset; the security attribute sub-values comprise a confidentiality value, an integrity value and an availability value.
Step 207: calculate the security attribute value of each asset according to the preset weights of the security attribute sub-values.
As described in the preceding steps, the security attribute value of an asset is a comprehensive assessment of its integrity sub-value, confidentiality sub-value and availability sub-value, and can be calculated according to the following formula:
A=Sr×Sv+Ir×Iv+Ar×Av;
Where A is the security attribute value of the asset; Sr is the weight of the asset's confidentiality sub-value and Sv is the asset's confidentiality sub-value; Ir is the weight of the asset's integrity sub-value and Iv is the asset's integrity sub-value; Ar is the weight of the asset's availability sub-value and Av is the asset's availability sub-value. The weights of the confidentiality, integrity and availability sub-values each range from 0 to 1 and sum to 1. In this embodiment, the confidentiality, integrity and availability sub-values of an asset may range from 0 to 5, which the embodiments of the present application do not limit, so the security attribute value of an asset also ranges from 0 to 5.
Step 208: perform a vulnerability scan on each asset to obtain the vulnerability level value corresponding to each vulnerability in the asset.
After a vulnerability scan of the information system, the vulnerabilities that exist in the software running on the assets and that can be exploited by threats are obtained. In the embodiments of the present application, a vulnerability level value Cv can be set in advance for each vulnerability according to its details; for example, vulnerabilities can be divided into the following 5 levels by severity:
Cv=1: the vulnerability level is low-risk vulnerability
Cv=2: the vulnerability level is low-risk vulnerability
Cv=3: the vulnerability level is medium-risk vulnerability
Cv=4: the vulnerability level is relatively high-risk vulnerability
Cv=5: the vulnerability level is high-risk vulnerability
Step 209: obtain the attack factor value of each asset according to the vulnerability level values of the asset and the attack capability values needed to exploit the vulnerabilities.
An attack is the manifestation of one or more threats in a particular technical environment, and the attack factor is the likelihood that an attacker realizes a threat by a particular means of attack. Each asset may have multiple vulnerabilities, so the attack factor value of an asset is obtained by multiplying the level value of each vulnerability present in the asset by its corresponding attack capability value and summing the products.
In the embodiments of the present application, the value of the attack factor Φ depends on two factors, the vulnerability level value Cv and the attack capability value Ap possessed by the attacker, and can be calculated with the formula $\Phi(C_v, A_p) = \sum_{i=1}^{n} (C_{vi} \times A_{pi})$, where $C_{vi}$ is the severity of the i-th vulnerability present in the current asset that may be exploited by a threat, and $A_{pi}$ is the attack capability value the attacker needs in order to use that vulnerability to pose a security threat to the current asset. In the present application the attack capability value Ap is divided into three levels:
Ap=3: the attacker needs very high technical capability
Ap=2: the attacker needs intermediate technical capability
Ap=1: the attacker needs elementary technical capability
In practice, the attack capability value Ap can be obtained by manual input, or by matching against several predefined patterns, which the embodiments of the present application do not limit.
Step 210: look up the preset threat risk value table according to the threat corresponding to the asset to obtain the threat risk value corresponding to the threat.
The threat risk value can be obtained by quantifying the risk of the current threat according to the DREAD risk model. The DREAD risk model quantifies risk from 5 aspects: the potential damage of the threat, the likelihood of reproduction, the difficulty of exploitation, the range of affected users, and the difficulty of discovery. In the quantification process, Table 1 below can be used to obtain the threat risk value:
Table 1: threat risk value table (presented as an image in the original publication; its contents are not reproduced on this page)
Step 211: add the threat risk value corresponding to the threat and the attack factor value to output the quantized value of the threat.
The quantized value of the threat depends on the above threat risk value and attack factor, and can be obtained with the following formula:
$P = Tr + \Phi(C_v, A_p)$
Where P is the quantized value of the threat, Tr is the threat risk value, and $\Phi(C_v, A_p)$ is the attack factor.
Step 212: look up the preset threat risk value table to obtain the potential loss score corresponding to the threat.
In this step, the potential loss score corresponding to the threat can again be obtained by looking up the threat risk value table shown in Table 1, but only the potential loss score in it, that is, the first entry of Table 1, needs to be looked up; the potential loss score is denoted D.
Step 213: multiply the security attribute value by the potential loss score to output the potential threat loss value.
The potential threat loss value Td can be calculated with the following formula:
Td=F(A,D)=A×D
Where D is the potential loss score, and A is the security attribute value of the asset obtained in step 207.
Step 214: multiply the potential threat loss value by the quantized value of the threat to obtain the security information value of the asset.
The security information value of an asset ultimately depends on the quantized value of the threat and the potential threat loss value calculated above; the security information value R of an asset can be calculated with the following formula:
R=P×Td
Where P is the quantized value of the threat, and Td is the potential threat loss value.
Step 215: obtain the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system.
In the embodiments of the present application, the security information value N of an information system can be calculated with the following formula:
$N = \sum_{i=0}^{n} (\nabla_i \times R_i)$
Where $R_i$ is the security information value of asset i, $R_i = \frac{1}{m} \sum_{j=0}^{m} R_j$, and $R_j$ is the security information value of the j-th threat faced by asset i;
$\nabla_i$ is the weight of asset i in the whole information system, with a value range of 0 to 1, $\nabla_i = \frac{A_i}{\sum_{j=0}^{n} A_j}$, where $A_i$ is the security attribute value of asset i and $A_j$ is the security attribute value of the j-th asset.
Step 216: Look up the preset security level list according to the security information value of the target information system, obtain the security level corresponding to the target information system, and end the current flow.
In this embodiment, so that the security identification of an information system ends in a quantized result, the security information value of an information system can be divided into different levels in advance. For example, information systems are divided into 3 levels:
The security information value range of the low-risk level is: 0<N<40;
The security information value range of the medium-risk level is: 40<N<70;
The security information value range of the high-risk level is: 70<N<90.
The calculated security information value of the target information system is looked up in the above ranges to obtain the security level corresponding to the target information system.
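The calculation in steps 213 to 216, as an added Python example that is not code from the patent. The class and function names and the sample assets are constructed for illustration, and A and P are taken as inputs rather than derived. The lookup returns None when N matches none of the three ranges as stated (for example 40, 70 or anything from 90 up).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Threat:
    name: str
    p: float  # P: quantized value of the threat (taken as an input here)
    d: float  # D: potential loss score from the threat risk value table


@dataclass
class Asset:
    name: str
    a: float  # A: security attribute value of the asset (taken as an input)
    threats: List[Threat]


# Level list from step 216. Bounds are exclusive, exactly as the text states.
LEVELS: List[Tuple[str, float, float]] = [
    ("low", 0, 40),
    ("medium", 40, 70),
    ("high", 70, 90),
]


def threat_value(asset: Asset, threat: Threat) -> float:
    td = asset.a * threat.d  # step 213: Td = A x D
    return threat.p * td     # step 214: R = P x Td


def asset_value(asset: Asset) -> float:
    """R_i: mean of the values R_j of the threats the asset faces."""
    if not asset.threats:
        return 0.0  # assumption: an asset with no modelled threat adds nothing
    values = [threat_value(asset, t) for t in asset.threats]
    return sum(values) / len(values)


def asset_weights(assets: List[Asset]) -> List[float]:
    """Weight of asset i: A_i divided by the sum of all A_j."""
    total = sum(asset.a for asset in assets)
    if total <= 0:
        raise ValueError("security attribute values must sum to a positive number")
    return [asset.a / total for asset in assets]


def system_value(assets: List[Asset]) -> float:
    """N: weighted sum of the per-asset values (step 215)."""
    weights = asset_weights(assets)
    return sum(w * asset_value(a) for w, a in zip(weights, assets))


def security_level(n: float) -> Optional[str]:
    """Step 216 lookup. Returns None when N matches no listed range."""
    for name, low, high in LEVELS:
        if low < n < high:
            return name
    return None


def sample_assets() -> List[Asset]:
    # Constructed sample data, not values from the patent.
    return [
        Asset("database", 4, [Threat("tampering", 3, 5),
                              Threat("information disclosure", 2, 3)]),
        Asset("web server", 3, [Threat("denial of service", 4, 4)]),
        Asset("workstation", 1, [Threat("spoofing", 2, 2),
                                 Threat("elevation of privilege", 5, 4)]),
    ]


if __name__ == "__main__":
    assets = sample_assets()
    for asset, weight in zip(assets, asset_weights(assets)):
        print(f"{asset.name}: weight={weight}, R={asset_value(asset)}")
    n = system_value(assets)
    print(f"N={n}, level={security_level(n)}")
    # Values on a boundary or above 90 fall outside every stated range.
    for probe in (40, 70, 95):
        print(f"N={probe}, level={security_level(probe)}")
```

A deployment of this scheme has to decide how boundary and out-of-range values are graded; reporting them as unmapped keeps that decision explicit.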
Corresponding to the embodiments of the method of the present invention for performing security identification on an information system, the present invention also provides embodiments of a device for performing security identification on an information system.
An embodiment of the device of the present invention for performing security identification on an information system is shown in Fig. 4.
The device comprises: a determining unit 410, a modeling unit 420, an acquiring unit 430, a computing unit 440 and a recognition unit 450.
The determining unit 410 is used to determine the target information system;
The modeling unit 420 is used to perform security threat modeling on the target information system;
The acquiring unit 430 is used to obtain, according to the modeling result of the modeling unit, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat;
The computing unit 440 is used to calculate the security information value of each asset in the target information system according to the quantized value of the threat, and to obtain the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system;
The recognition unit 450 is used to look up the preset security level list according to the security information value of the target information system and obtain the security level corresponding to the target information system.
Specifically, the modeling unit 420 can comprise (not shown in Fig. 4): an asset analysis unit, used to analyze the target information system and obtain the assets it contains; a functional module division unit, used to divide the target information system into different functional modules according to its functions; a data flow acquiring unit, used to obtain the data flows in the target information system according to the interactions between the functional modules; and a threat prediction unit, used to predict the threat corresponding to each data flow and the assets it affects.
Specifically, the acquiring unit 430 can comprise a security attribute value obtaining unit and a quantized value obtaining unit (not shown in Fig. 4). The security attribute value obtaining unit can comprise: a security attribute sub-value determining unit, used to determine the security attribute sub-values of each asset, the sub-values comprising a confidentiality value, an integrity value and an availability value; and a security attribute value computing unit, used to calculate the security attribute value of each asset according to the preset weights of the security attribute sub-values. The quantized value obtaining unit can comprise: a vulnerability scanning unit, used to perform vulnerability scanning on each asset and obtain the vulnerability level value corresponding to the vulnerabilities in each asset; an attack factor value acquiring unit, used to obtain the attack factor value of each asset according to the vulnerability level value of each asset and the attack capability value required to exploit the vulnerability; a threat risk value acquiring unit, used to look up the preset threat risk value table according to the threat corresponding to the asset and obtain the threat risk value corresponding to the threat; and a quantized value output unit, used to add the threat risk value corresponding to the threat and the attack factor value and output the quantized value of the threat.
Specifically, the computing unit 440 can comprise (not shown in Fig. 4): a potential loss score lookup unit, used to look up the preset threat risk value table and obtain the potential loss score corresponding to the threat; a potential threat loss value output unit, used to multiply the security attribute value by the potential loss score and output the potential threat loss value of the asset; and a security information value acquiring unit, used to multiply the potential threat loss value by the quantized value of the threat to obtain the security information value of the asset.
As can be seen from the above description of the embodiments, after determining the target information system, the embodiment of the present application obtains, according to the result of security threat modeling of the target information system, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat; calculates the security information value of each asset in the target information system according to the quantized value of the threat; obtains the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system; and looks up the preset security level list according to the security information value of the target information system to obtain the corresponding security level. When the embodiment of the present application is used for security identification of an information system, the security of the information system is not identified from subjective factors such as the experience of security assessment personnel. Instead, the assets, threats and vulnerabilities in the information system are quantized and the security risks in the information system are considered comprehensively. The requirements of security identification of the information system are therefore met, and a quantitative index is provided for the security of the information system.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform. Based on this understanding, the essence of the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention or in some parts of the embodiments.
The embodiments in this specification are described progressively. For the parts that are the same or similar among the embodiments, reference can be made to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the system embodiment is described relatively simply because it is substantially similar to the method embodiment; for the relevant parts, refer to the description of the method embodiment.
The present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present invention can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
Although the present invention has been described through embodiments, those of ordinary skill in the art know that the present invention has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the present invention.

Claims (11)

1. A method for performing security identification on an information system, characterized by comprising:
Determining a target information system;
Obtaining, according to the result of security threat modeling of the target information system, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat;
Calculating the security information value of each asset in the target information system according to the quantized value of the threat;
Obtaining the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system;
Looking up a preset security level list according to the security information value of the target information system to obtain the security level corresponding to the target information system.
2. The method according to claim 1, characterized in that performing security threat modeling on the target information system comprises:
Analyzing the target information system to obtain the assets contained in the target information system;
Dividing the target information system into different functional modules according to the functions of the target information system;
Obtaining the data flows in the target information system according to the interactions between the functional modules;
Predicting the threat corresponding to each data flow and the assets it affects.
3. The method according to claim 2, characterized in that obtaining the security attribute value of each asset in the target information system comprises:
Determining the security attribute sub-values of each asset, the security attribute sub-values comprising a confidentiality value, an integrity value and an availability value;
Calculating the security attribute value of each asset according to the preset weights of the security attribute sub-values.
4. The method according to claim 2, characterized in that obtaining the quantized value of the threat corresponding to each asset comprises:
Performing vulnerability scanning on each asset to obtain the vulnerability level value corresponding to the vulnerabilities in each asset;
Obtaining the attack factor value of each asset according to the vulnerability level value of each asset and the attack capability value required to exploit the vulnerability;
Looking up a preset threat risk value table according to the threat corresponding to the asset to obtain the threat risk value corresponding to the threat;
Adding the threat risk value corresponding to the threat and the attack factor value to output the quantized value of the threat.
5. The method according to claim 1, characterized in that calculating the security information value of each asset in the target information system according to the quantized value of the threat comprises:
Looking up a preset threat risk value table to obtain the potential loss score corresponding to the threat;
Multiplying the security attribute value by the potential loss score to output the potential threat loss value of the asset;
Multiplying the potential threat loss value by the quantized value of the threat to obtain the security information value of the asset.
6. The method according to claim 4 or 5, characterized in that the threat risk value table is a threat risk value table established according to the DREAD risk model;
The threat risk value comprises: a potential loss score, a reproducibility score, an exploitability score, an affected-users score and a discoverability score.
7. A device for performing security identification on an information system, characterized by comprising:
A determining unit, used to determine a target information system;
A modeling unit, used to perform security threat modeling on the target information system;
An acquiring unit, used to obtain, according to the modeling result of the modeling unit, the security attribute value of each asset in the target information system and the quantized value of the corresponding threat;
A computing unit, used to calculate the security information value of each asset in the target information system according to the quantized value of the threat, and to obtain the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system;
A recognition unit, used to look up a preset security level list according to the security information value of the target information system and obtain the security level corresponding to the target information system.
8. The device according to claim 7, characterized in that the modeling unit comprises:
An asset analysis unit, used to analyze the target information system and obtain the assets contained in the target information system;
A functional module division unit, used to divide the target information system into different functional modules according to the functions of the target information system;
A data flow acquiring unit, used to obtain the data flows in the target information system according to the interactions between the functional modules;
A threat prediction unit, used to predict the threat corresponding to each data flow and the assets it affects.
9. The device according to claim 8, characterized in that the acquiring unit comprises a security attribute value obtaining unit, which specifically comprises:
A security attribute sub-value determining unit, used to determine the security attribute sub-values of each asset, the security attribute sub-values comprising a confidentiality value, an integrity value and an availability value;
A security attribute value computing unit, used to calculate the security attribute value of each asset according to the preset weights of the security attribute sub-values.
10. The device according to claim 8, characterized in that the acquiring unit comprises a quantized value obtaining unit, which specifically comprises:
A vulnerability scanning unit, used to perform vulnerability scanning on each asset and obtain the vulnerability level value corresponding to the vulnerabilities in each asset;
An attack factor value acquiring unit, used to obtain the attack factor value of each asset according to the vulnerability level value of each asset and the attack capability value required to exploit the vulnerability;
A threat risk value acquiring unit, used to look up a preset threat risk value table according to the threat corresponding to the asset and obtain the threat risk value corresponding to the threat;
A quantized value output unit, used to add the threat risk value corresponding to the threat and the attack factor value and output the quantized value of the threat.
11. The device according to claim 7, characterized in that the computing unit comprises:
A potential loss score lookup unit, used to look up a preset threat risk value table and obtain the potential loss score corresponding to the threat;
A potential threat loss value output unit, used to multiply the security attribute value by the potential loss score and output the potential threat loss value of the asset;
A security information value acquiring unit, used to multiply the potential threat loss value by the quantized value of the threat to obtain the security information value of the asset.
CN200910093975A 2009-09-25 2009-09-25 Method and device for conducting security identification on information system Pending CN101674302A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910093975A CN101674302A (en) 2009-09-25 2009-09-25 Method and device for conducting security identification on information system


Publications (1)

Publication Number Publication Date
CN101674302A true CN101674302A (en) 2010-03-17

Family

ID=42021290


Country Status (1)

Country Link
CN (1) CN101674302A (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100317