CN103268450B - Mobile intelligent terminal system security assessment system model and appraisal procedure based on test - Google Patents
Publication number: CN103268450B (application CN201310222440.7A)
Authority: CN (China)
Prior art keywords: layer, test, assessment, security, index
Legal status: Expired - Fee Related
Abstract
The invention discloses a test-based security assessment system model and assessment method for mobile intelligent terminal systems. The system model comprises a security evaluation layer and a security test layer. The security evaluation layer is the upper part and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower part and is divided, from top to bottom, into a security function layer, a test layer and a security criterion layer. The assessment method comprises the following steps: the test layer executes its tests; the evaluation layer evaluates according to the test results; the relative weights are computed; the judgment matrices are checked for consistency; the score vector of each layer's evaluation result is calculated; and an assessment result table is produced from the per-layer results. The invention combines the characteristics of mobile intelligent terminals with the AHP algorithm and security testing to achieve a multi-level evaluation that combines objective testing with subjective assessment, and qualitative judgment with quantitative analysis, so that the assessment results have strong persuasive force.
Description
Technical field
The present invention relates to the field of mobile information security evaluation, and in particular to a test-based security assessment system model and assessment method for mobile intelligent terminal systems.
Background technology
With the rapid development of mobile communication technology and the mobile Internet, mobile intelligent terminals have come into wide use in personal daily life and in the information systems of governments, enterprises, banks and the military. Unlike traditional mobile phones, mobile intelligent terminals store a great deal of personal privacy, account information, working documents, trade secrets and even more valuable information, which often concerns the property and reputation of the individual or organization using the terminal. The primary way terminals are currently attacked is still to exploit weaknesses and vulnerabilities in the security mechanisms of the intelligent terminal operating system to produce large quantities of malware, viruses and remote control programs, which pose a huge threat to terminal security. Security evaluation of the mobile intelligent terminal operating system is therefore the basis for ensuring terminal security.
At present there is no unified standard for assessing the security of mobile intelligent terminals. The Chinese standards "Mobile terminal information security specifications" and "Mobile terminal information security testing methods" are aimed mainly at relatively simple conventional mobile phone operating systems. The US standard "Guidelines on Cell Phone and PDA Security" is currently the most mature security criterion for mobile intelligent terminals.
A scientific security evaluation must be built on security testing against security criteria. Because the software and hardware resources of mobile intelligent terminal operating systems are relatively scarce, traditional computer system security measures are not suitable for them. Current security evaluation of mobile intelligent terminals is therefore still built mainly on subjective assessment and analysis; it lacks objective security testing founded on security criteria, soundly combined with quantitative calculation and analysis, and its results often lack persuasive force.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a test-based security assessment system model and assessment method for mobile intelligent terminal systems that combines the characteristics of the mobile intelligent terminal with the AHP algorithm and security testing, achieves a multi-level evaluation combining objective testing with subjective assessment and qualitative judgment with quantitative analysis, and yields assessment results with strong persuasive force.
The object of the invention is achieved through the following technical solution. A test-based security assessment system model for mobile intelligent terminal systems comprises a security evaluation layer, which provides terminal manufacturers, users or using organizations with an assessment of security risks, attack threats and system vulnerabilities, and a security test layer, which tests the operating system under test against the requirements of a security standard and assesses the degree to which it meets those requirements. The security evaluation layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security criterion layer.
The security function layer is divided into multiple sub-layers.
Between adjacent layers of the evaluation layer, the mapping between indices is many-to-many.
Between adjacent layers of the test layer, the mapping between indices is one-to-many.
The assessment method based on the test-based security assessment system model comprises the following steps:
S1: the test layer performs testing: each test case is executed in turn using a post-order traversal of the multiway test tree, the execution process of each test case is output, and the test result vector β is obtained;
S2: the evaluation layer evaluates according to the test results: for each evaluation index in the evaluation layer, its sub-indices are compared pairwise to obtain their relative importance as ratios of relative weights, each degree of importance is assigned a value according to the proportional scale method, and the judgment matrix A_i is constructed;
S3: compute the relative weights:
First normalize each column vector of the matrix A_i:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
The components of the normalized vector are the weights of the evaluation elements;
S4: check the consistency of the matrices: the consistency ratio CR is computed for each judgment matrix. When CR = 0 the judgment matrix is perfectly consistent; the larger CR is, the poorer the consistency. If CR < 0.1 the judgment matrix is considered acceptably consistent and the computed result is credible; otherwise the judgment matrix must be revised until it is;
S5: calculate the score vector of each layer's evaluation result: from the vectors obtained in step S3, the weight matrices ω1, ω2 and ω3 of the respective evaluation layers are derived; σ3 = ω3 β^T gives the vulnerability degree of each index of the vulnerability layer, σ2 = ω2 σ3^T gives the threat degree of each index of the threat layer, and σ1 = ω1 σ2^T gives the risk of each index of the risk layer; finally each evaluation index is judged qualitatively, the indices of each layer are ranked, the assessment results are recorded and the assessment conclusion is given;
S6: produce the assessment result table from the per-layer results: the weak links of the system are identified from the vulnerability indices and the test-layer indices so that the terminal system's security solution can be improved; the threat and risk indices show the threats, security risks and degree of impact the terminal system faces now and may face in future, so that corresponding security strategies can be formulated to avoid those risks.
The beneficial effects of the invention are as follows:
The present invention provides a multi-level security evaluation system model for mobile intelligent terminal operating systems based on security criteria. It draws together the main security threats and risks faced by intelligent terminal operating systems and the relevant risk assessment standards, current computer and mobile terminal operating system security criteria and hierarchical security evaluation methods, and the characteristics of the mobile intelligent terminal itself. Using the AHP algorithm (analytic hierarchy process) together with security testing, it achieves a multi-level evaluation that combines objective testing with subjective assessment and qualitative judgment with quantitative analysis, and its assessment results have strong persuasive force.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hierarchical security evaluation system and its layering;
Fig. 2 is the hierarchical security evaluation model of the system.
Detailed description of the invention
The technical solution is described in further detail below with reference to the drawings. As shown in Fig. 1, the test-based security assessment system model for mobile intelligent terminal systems comprises a security evaluation layer, which provides terminal manufacturers, users or using organizations with an assessment of security risks, attack threats and system vulnerabilities, and a security test layer, which tests the operating system under test against the requirements of a security standard and assesses the degree to which it meets those requirements. The security evaluation layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security criterion layer. As shown in Fig. 2, the mapping between the indices of adjacent layers of the evaluation layer is many-to-many, and the mapping between the indices of adjacent layers of the test layer is one-to-many. The security function layer is divided into multiple sub-layers; the evaluation indices of each layer address a different security category and provide the security assurance required by different users. The evaluation indices of each layer are defined as follows:
Risk layer: the possible loss and impact caused to the user or organization of the intelligent terminal when resources in the mobile intelligent terminal system are lost or destroyed as a result of deliberate attack threats;
Threat layer: comprises the threat behaviors by which a mobile intelligent terminal is attacked; a threat behavior is the means by which an attacker achieves a specific goal. At present the main attack threats to mobile terminals build on weaknesses in security mechanisms, and the attack capability of a given threat behavior differs between environments, so the threat behaviors must be assessed;
Vulnerability layer: vulnerability is one of the objects of assessment. Threat behaviors may exploit weaknesses and defects in the asset carrier and in the mobile terminal's security mechanisms to cause loss of assets;
Security function layer: assesses the degree to which the concrete security functions that the mobile intelligent terminal operating system must provide meet the requirements of the security standard. Missing or incomplete security functions, or flaws in the design and implementation of security functions, give rise to the vulnerability of the mobile terminal system; the assessment of the security function layer must be based on the results of the objective tests in the layer below;
Test layer: the most critical level of the system; it maps the security requirements in the security criteria to implementable assessment methods, encapsulates them as test cases, executes each test case under algorithmic scheduling and returns the test results to the upper layer;
Security criterion layer: the specific requirements of the standard are mapped to the test indices in the security function layer and provide the basis for the test cases in the test layer.
In the assessment method based on the test-based security assessment system model, the test cases are first executed by post-order traversal of the test tree and the test results are obtained from the execution process of the test cases. After quantization the test results are returned to the evaluation layer; the indices of the upper five layers are each mapped to the 1~9 scale according to Table 1. Depending on the actual situation, the evaluation layer analyses the test results returned by the test layer with one or more evaluation algorithms. In this scheme the evaluation uses the analytic hierarchy process (AHP algorithm) and comprises the following steps:
Table 1: 1~9 quantization scale for the indices
S1: the test layer performs testing: at the test layer each test case is executed in turn using a post-order traversal of the multiway test tree, the execution process of each test case is output, and the test result vector β is obtained;
S2: the evaluation layer evaluates according to the test results: for each evaluation index in the evaluation layer, its sub-indices are compared pairwise to obtain their relative importance as ratios of relative weights, each degree of importance is assigned a value according to the 1~9 proportional scale of Table 2, and the judgment matrix A_i is constructed;
Table 2: 1~9 scale of judgment matrix degrees
S3: compute the relative weights:
First normalize each column vector of the matrix A_i:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
The components of the normalized vector are the weights of the evaluation elements.
S4: check the consistency of the matrices: to ensure that a judgment matrix is sufficiently accurate, it must be checked for consistency. The consistency index is calculated as follows:
First obtain the maximum eigenvalue of the matrix:
Then calculate the consistency index:
Finally calculate the consistency ratio:
If CR < 0.1, the consistency of the judgment matrix is considered acceptable.
Table 3: mean random consistency index RI
When CR = 0 the judgment matrix is perfectly consistent; the larger CR is, the poorer the consistency. It is generally held that when CR < 0.1 the judgment matrix is acceptably consistent and the computed result is credible; otherwise the judgment matrix must be revised until it is;
S5: calculate the score vector of each layer's evaluation result: from the vectors obtained in step S3, the weight matrices ω1, ω2 and ω3 of the respective evaluation layers are derived. σ3 = ω3 β^T gives the vulnerability degree of each index of the vulnerability layer, and σ2 = ω2 σ3^T gives the threat degree of each index of the threat layer. σ1 = ω1 σ2^T gives the risk of each index of the risk layer. Finally each evaluation index is judged qualitatively with reference to Table 1, the assessment results are recorded and the assessment conclusion is given;
S6: produce the assessment result table from the per-layer results: the weak links of the system are identified from the vulnerability indices and the test-layer indices so that the terminal system's security solution can be improved. The threat and risk indices show the threats, security risks and degree of impact the terminal system faces now and may face in future, so that targeted security strategies can be formulated to avoid those risks.
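The S1 to S6 procedure above (also recited in claim 5), as an added worked example that is not part of the patent: β is built by post-order traversal of a constructed test tree, AHP weights are derived by column normalization and row sums, CR is checked against Saaty's RI values (the patent's Table 3 did not survive extraction, so the commonly cited values are assumed), and the scores are propagated as σ3 = ω3 β^T, σ2 = ω2 σ3^T, σ1 = ω1 σ2^T. The judgment matrices and quantized test results are constructed, each upper-layer index is assumed to weight every index of the layer below, and a higher quantized test score is assumed to mean the requirement is met less well.

```python
"""Added example (not from the patent): the S1-S6 pipeline in pure Python.
Judgment matrices, the test tree and the quantized test results are constructed."""
from typing import Dict, List, Optional, Sequence

Matrix = List[List[float]]

# Saaty's mean random consistency index RI by matrix order n (assumed; the
# patent's Table 3 did not survive extraction).
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


class TestNode:
    """Node of the multiway test tree; leaves carry a result already quantized to 1~9."""
    def __init__(self, name: str, children: Sequence["TestNode"] = (), result: Optional[int] = None):
        self.name, self.children, self.result = name, list(children), result


def post_order_results(node: TestNode) -> List[int]:
    """S1: post-order traversal; children run before their parent, leaf results form beta."""
    beta: List[int] = []
    for child in node.children:
        beta.extend(post_order_results(child))
    if node.result is not None:
        beta.append(node.result)
    return beta


def ahp_weights(a: Matrix) -> List[float]:
    """S3: normalise every column of A_i, sum each row, normalise the row-sum vector."""
    n = len(a)
    col_sums = [sum(a[i][j] for i in range(n)) for j in range(n)]
    row_sums = [sum(a[i][j] / col_sums[j] for j in range(n)) for i in range(n)]
    total = sum(row_sums)
    return [s / total for s in row_sums]


def consistency_ratio(a: Matrix, w: Sequence[float]) -> float:
    """S4: lambda_max ~ (1/n) sum_i (A w)_i / w_i, CI = (lambda_max - n)/(n - 1), CR = CI/RI."""
    n = len(a)
    if n <= 2:
        return 0.0  # a 1x1 or 2x2 reciprocal matrix is always consistent
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n
    return (lam_max - n) / (n - 1) / RI[n]


def weight_matrix(judgments: Sequence[Matrix]) -> Matrix:
    """Build omega_l: one AHP weight row per upper-layer index from its own judgment
    matrix.  A matrix with CR >= 0.1 is rejected, as S4 requires it to be revised first."""
    omega: Matrix = []
    for a in judgments:
        w = ahp_weights(a)
        cr = consistency_ratio(a, w)
        if cr >= 0.1:
            raise ValueError(f"judgment matrix fails consistency check (CR={cr:.3f})")
        omega.append(w)
    return omega


def propagate(omega: Matrix, lower: Sequence[float]) -> List[float]:
    """S5: sigma_l = omega_l * lower^T, i.e. one weighted score per upper-layer index."""
    return [sum(wij * xj for wij, xj in zip(row, lower)) for row in omega]


def evaluate(beta: Sequence[float], omega3: Matrix, omega2: Matrix, omega1: Matrix) -> Dict[str, List[float]]:
    sigma3 = propagate(omega3, beta)    # vulnerability degree per vulnerability index
    sigma2 = propagate(omega2, sigma3)  # threat degree per threat index
    sigma1 = propagate(omega1, sigma2)  # risk per risk index
    return {"vulnerability": sigma3, "threat": sigma2, "risk": sigma1}


def run_example():
    # Constructed test tree: three leaf test cases under two security-function groups;
    # a higher quantized result is taken to mean the requirement is met less well.
    tree = TestNode("os", [
        TestNode("access-control", [TestNode("t1", result=9), TestNode("t2", result=2)]),
        TestNode("data-protection", [TestNode("t3", result=5)]),
    ])
    beta = post_order_results(tree)  # [9, 2, 5]
    # Constructed 1~9 pairwise judgments (S2): one matrix per index of the layer above.
    omega3 = weight_matrix([[[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]],  # 2 vulnerabilities x 3 tests
                            [[1, 1 / 3, 1 / 3], [3, 1, 1], [3, 1, 1]]])
    omega2 = weight_matrix([[[1, 3], [1 / 3, 1]], [[1, 1 / 2], [2, 1]]])  # 2 threats x 2 vulnerabilities
    omega1 = weight_matrix([[[1, 2], [1 / 2, 1]]])  # 1 risk x 2 threats
    scores = evaluate(beta, omega3, omega2, omega1)
    # S5 ranking: the vulnerability index with the highest degree is the weakest link (S6).
    ranking = sorted(range(len(scores["vulnerability"])), key=lambda i: -scores["vulnerability"][i])
    return beta, scores, ranking


if __name__ == "__main__":
    print(run_example())
```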
Claims (5)
1. A test-based security assessment system model for mobile intelligent terminal systems, characterized in that it comprises a security evaluation layer, which provides terminal manufacturers, users or using organizations with an assessment of security risks, attack threats and system vulnerabilities, and a security test layer, which tests the operating system under test against the requirements of a security standard and assesses the degree to which it meets those requirements; the security evaluation layer is the upper layer and is divided, from top to bottom, into a risk layer, a threat layer and a vulnerability layer; the security test layer is the lower layer and is divided, from top to bottom, into a security function layer, a test layer and a security criterion layer; wherein:
Risk layer: the possible loss and impact caused to the user or organization of the intelligent terminal when resources in the mobile intelligent terminal system are lost or destroyed as a result of deliberate attack threats;
Threat layer: comprises the threat behaviors by which a mobile intelligent terminal is attacked; a threat behavior is the means by which an attacker achieves a specific goal; the attack capability of a given threat behavior differs between environments, so the threat behaviors must be assessed;
Vulnerability layer: vulnerability is one of the objects of assessment; threat behaviors may exploit weaknesses and defects in the asset carrier and in the mobile terminal's security mechanisms to cause loss of assets;
Security function layer: assesses the degree to which the concrete security functions that the mobile intelligent terminal operating system must provide meet the requirements of the security standard; missing or incomplete security functions, or flaws in the design and implementation of security functions, give rise to the vulnerability of the mobile terminal system, and the assessment of the security function layer must be based on the results of the objective tests in the layer below;
Test layer: the most critical level of the system; it maps the security requirements in the security criterion layer to implementable assessment methods, encapsulates them as test cases, executes each test case under algorithmic scheduling and returns the test results to the upper layer;
Security criterion layer: the specific requirements of the standard are mapped to the test indices in the security function layer and provide the basis for the test cases in the test layer;
the weak links of the system are identified from the vulnerability indices and the test-layer indices so that the terminal system's security solution can be improved; the threat and risk indices show the threats, security risks and degree of impact the terminal system faces now and may face in future, so that targeted security strategies can be formulated to avoid those risks.
2. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that the security function layer is divided into multiple sub-layers.
3. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that the mapping between the indices of adjacent layers of the evaluation layer is many-to-many.
4. The test-based security assessment system model for mobile intelligent terminal systems according to claim 1, characterized in that the mapping between the indices of adjacent layers of the test layer is one-to-many.
5. An assessment method based on the test-based security assessment system model for mobile intelligent terminal systems, characterized in that it comprises the following steps:
S1: the test layer performs testing: each test case is executed in turn using a post-order traversal of the multiway test tree, the execution process of each test case is output, and the test result vector β is obtained;
S2: the evaluation layer evaluates according to the test results: for each evaluation index in the evaluation layer, its sub-indices are compared pairwise to obtain their relative importance as ratios of relative weights, each degree of importance is assigned a value according to the proportional scale method, and the judgment matrix A_i is constructed;
S3: compute the relative weights:
First normalize each column vector of the matrix A_i:
Then sum the normalized judgment matrix by rows:
Then normalize the resulting vector:
The components of the normalized vector are the weights of the evaluation elements;
S4: check the consistency of the matrices: the consistency ratio CR is computed for each judgment matrix. When CR = 0 the judgment matrix is perfectly consistent; the larger CR is, the poorer the consistency. If CR < 0.1 the judgment matrix is considered acceptably consistent and the computed result is credible; otherwise the judgment matrix must be revised until it is;
The consistency index is calculated as follows: first obtain the maximum eigenvalue of the matrix:
Then calculate the consistency index:
Finally calculate the consistency ratio:
S5: calculate the score vector of each layer's evaluation result: from the vectors obtained in step S3, the weight matrices ω1, ω2 and ω3 of the respective evaluation layers are derived; σ3 = ω3 β^T gives the vulnerability degree of each index of the vulnerability layer, σ2 = ω2 σ3^T gives the threat degree of each index of the threat layer, and σ1 = ω1 σ2^T gives the risk of each index of the risk layer; finally each evaluation index is judged qualitatively, the indices of each layer are ranked, the assessment results are recorded and the assessment conclusion is given;
S6: produce the assessment result table from the per-layer results: the weak links of the system are identified from the vulnerability indices and the test-layer indices so that the terminal system's security solution can be improved; the threat and risk indices show the threats, security risks and degree of impact the terminal system faces now and may face in future, so that corresponding security strategies can be formulated to avoid those risks.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310222440.7A CN103268450B (en) | 2013-06-06 | 2013-06-06 | Mobile intelligent terminal system security assessment system model and appraisal procedure based on test |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103268450A CN103268450A (en) | 2013-08-28 |
CN103268450B true CN103268450B (en) | 2016-06-29 |
Family
ID=49012078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310222440.7A Expired - Fee Related CN103268450B (en) | 2013-06-06 | 2013-06-06 | Mobile intelligent terminal system security assessment system model and appraisal procedure based on test |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103268450B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103617397B (en) * | 2013-12-13 | 2016-11-16 | 北京邮电大学 | The security assessment method applied in intelligent terminal and system |
CN106156629A (en) * | 2015-04-17 | 2016-11-23 | 国家电网公司 | A kind of security measure method of android terminal |
CN105407514A (en) * | 2015-11-23 | 2016-03-16 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Wireless network vertical handoff method based on AHP/R-TOPSIS |
CN107231345A (en) * | 2017-05-03 | 2017-10-03 | 成都国腾实业集团有限公司 | Networks congestion control methods of risk assessment based on AHP |
CN107832621B (en) * | 2017-11-16 | 2021-01-05 | 成都艾尔普科技有限责任公司 | AHP-based weight calculation method for behavior trust evidence |
CN108776861A (en) * | 2018-04-27 | 2018-11-09 | 中国铁路总公司 | Railway Communication safety risk estimating method and device |
CN110912855A (en) * | 2018-09-17 | 2020-03-24 | 中国信息通信研究院 | Block chain architecture security assessment method and system based on permeability test case set |
CN109359893A (en) * | 2018-11-21 | 2019-02-19 | 国家电网有限公司 | The methods of risk assessment and device of mobile job platform |
CN110472839A (en) * | 2019-07-25 | 2019-11-19 | 上海电力大学 | Thermal power plant's control system Information Security Evaluation system based on SA-PSO-AHP |
CN110798454B (en) * | 2019-10-18 | 2020-10-27 | 中国科学院信息工程研究所 | Method and system for defending attack based on attack organization capability evaluation |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101227288A (en) * | 2008-01-29 | 2008-07-23 | 四川大学 | Method for evaluating hazardness of network attack |
CN102004875A (en) * | 2010-11-15 | 2011-04-06 | 河南电力试验研究院 | Risk assessment method and system based on utility theory |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4819542B2 (en) * | 2006-03-24 | 2011-11-24 | 株式会社日立製作所 | Biometric authentication system and method with vulnerability verification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20160629; Termination date: 20180606 |