CN109086607A

CN109086607A - A kind of autonomous degree of controllability appraisal procedure of Network Security Device

Info

Publication number: CN109086607A
Application number: CN201810779942.2A
Authority: CN
Inventors: 程华; 杨阳; 田魏魏; 程来旺; 石良军; 沈金祥; 崔巍
Original assignee: Wuxi Jiangnan Computing Technology Institute
Current assignee: Wuxi Jiangnan Computing Technology Institute
Priority date: 2018-07-16
Filing date: 2018-07-16
Publication date: 2018-12-25

Abstract

The present invention discloses a kind of autonomous degree of controllability appraisal procedure of Network Security Device, assessment content analysis is carried out using " Kernel-based methods element and the analytic hierarchy process (AHP) for developing team's background ", the development & production process of product is considered as multiple processes, carries out process element analysis respectively.The evaluation system of autonomous degree of controllability, including entry criteria, assessment content and weighted value, assessment tool and environment, evaluation process, score value model, six part of grade classification are proposed from R&D process, core technology, the manufacturing, research staff etc..The present invention can accurately, comprehensively calculate the autonomy-oriented degree of Network Security Device, evaluate the Network Security Device localization rate of parts and components.The secondary evaluation content and weighted value that this evaluation system specifies the level-one assessment content for carrying out autonomous degree of controllability assessment and weighted value and each single item level-one assessment content includes.Scientific system, index are clear, can instruct the autonomous degree of controllability assessment to Network Security Device.

Description

A kind of autonomous degree of controllability appraisal procedure of Network Security Device

Technical field

The present invention relates to Network Security Device autonomous degree of controllability assessment technology field more particularly to a kind of Network Security Devices Autonomous degree of controllability appraisal procedure.

Background technique

The Network Security Devices such as network firewall equipment, vulnerability scanning equipment, network invasion monitoring equipment it is autonomous controllable Degree plays an important role to information security.Currently, domestic autonomous controllable information system is in processor, operating system, data The key software and hardware such as library, middleware achieves the breakthrough of technology.However, the relatively independent exploitation of autonomous software and hardware, each other Technology synergy and fusion not enough, cause the integrated optimization between bottom hardware to upper layer software (applications) inadequate, application system is comprehensive Performance is not high；Meanwhile existing application software transplanting difficulty is big, at the early-stage based on autonomous controllable application and development, exploitation amount is big, It is difficult to meet scale application demand in short term.So informatization on nation defence building security develops, not only need autonomous controllable core soft The breakthrough of realization technology level needs to accelerate to domestic Network Security Device with greater need for domestic Network Security Device Development promotes the responding ability for coping with national defense applications demand under the new situation.In order to avoid a printer chip leads to anti-empty set The tragedy of system paralysis is not showed in our army, and domestic every profession and trade is all promoting homemade software and hardware in due course in recent years, forms state Network Security Device is produced, the national defense system for being especially related to national security is even more so.Network Security Device it is autonomous controllable Degree refers to the ability for having the unit for manufacturing qualification leading research and development and production Network Security Device.Autonomous degree of controllability assessment result makes It is expressed as a percentage, according to assessment result, the autonomous degree of controllability of product can be divided into several grades from high to low.With domestic Network Security Device application promotes gradually going deep into for work, and application of the Network Security Device in each field and project is increasingly Extensively.But there is presently no a kind of quantifiable autonomous degree of controllability appraisal procedures of Network Security Device, thus can not guide product Development departments carry out autonomous degree of controllability self-evaluation to promote product to continuously improve perfect and autonomy-oriented level raising, and third party comments The autonomous degree of controllability of Network Security Device can not be provided by estimating mechanism also, can not for application section door knob hold the autonomous controllable degree of product, Carry out product type selection work and data supporting is provided.

Summary of the invention

It is an object of the invention to by a kind of autonomous degree of controllability appraisal procedure of Network Security Device, to solve background above The problem of technology segment is mentioned.

To achieve this purpose, the present invention adopts the following technical scheme:

A kind of autonomous degree of controllability appraisal procedure of Network Security Device, this method comprises the following steps:

S101, the type for determining Network Security Device to be assessed；

The assessment object of S102, setting Network Security Device to be assessed；

S103, the weighted value for determining the level-one assessment content of the assessment object and setting level-one assessment content；

S104, the weighted value for determining the secondary evaluation content of each level-one assessment content and setting secondary evaluation content；

The autonomous degree of controllability score of S105, each secondary evaluation content of setting；

S106, the autonomous degree of controllability OCR for calculating Network Security Device to be assessed according to the following formula:

Such as certain secondary evaluation content content containing three-tiered evaluation, then the autonomous degree of controllability score S of the secondary evaluation content_ijAre as follows:

In above formula:

L is the total item that level-one assesses content；

N is the total item for the secondary evaluation content that i-th of level-one is assessed in content；

M is the three-tiered evaluation content total item that i-th of level-one assesses j-th of secondary evaluation content in content；

w_iThe weighted value of content is assessed for i-th of level-one；

w_ijThe weighted value of j-th of secondary evaluation content in content is assessed for i-th of level-one；

w_ijkThe weight of k-th of three-tiered evaluation content of j-th of secondary evaluation content in content is assessed for i-th of level-one Value；

s_ijThe autonomous degree of controllability score of j-th of secondary evaluation content in content is assessed for i-th of level-one；

s_ijkThe autonomous of k-th of three-tiered evaluation content of j-th of secondary evaluation content in content is assessed for i-th of level-one Degree of controllability score.

Particularly, after the step S106 further include: S107, pacified according to the network to be assessed that the step S106 is obtained The autonomous degree of controllability OCR of full equipment, determines the network security to be assessed according to the autonomous degree of controllability grade classification condition of setting The grade of the autonomous degree of controllability of equipment.

Particularly, the Network Security Device to be assessed includes network firewall equipment, vulnerability scanning equipment, network intrusions Detection device three types.

Particularly, when the Network Security Device to be assessed is network firewall equipment, the assessment object of setting includes Hardware system, basic software and development team；The level-one assessment content of the hardware system includes: central processing unit, network interface card control Coremaking piece, memory, hard disk, mainboard；The central processing unit, the secondary evaluation content of network card control chip are identical, include: body Architecture design, chip testing, mating software and hardware, develops team's background at chip design, chip production；Architecture Design Three-tiered evaluation content includes: instruction set, intellectual property；The three-tiered evaluation content of chip design includes: logical design, verifies and put down Platform, physical Design, design platform；The three-tiered evaluation content of chip production includes: flow, encapsulation design, encapsulation production, package material Material；The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: chipset, opens Send out plate and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；Develop the three-level of team's background Assessing content includes: technological accumulation time, research institute's market competitiveness, personnel component, CMM；

The secondary evaluation content of the memory includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content include: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to being domestic group Still assembling overseas determines to assemble the score in the place of production dress, develops team and the whether all domestic personnel of Executive Team according to core And the accounting of domestic developer determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person to determine The score of composition of capital；According to the score for decision technology integration time development time for being engaged in this field product；The core technology palm The three-tiered evaluation content for holding degree includes: memory grain, control chip, according to whether being domestic design, production judgement memory The score of grain；According to whether being the score of domestic design, production judgement control chip；

The hard disk includes mechanical hard disk and solid state hard disk, and the secondary evaluation content of mechanical hard disk includes: to develop team's back Scape, core technology Grasping level, the three-tiered evaluation content for developing team's background includes: the assembling place of production, personnel component, capital structure At, technological accumulation time, wherein according to being domestic assembling or overseas assembling determines the score in the assembling place of production, ground according to core The score of the accounting of briquetting team and the whether all domestic personnel of Executive Team and domestic developer judgement personnel component；Root Hold the score that capital accounting determines composition of capital according to domestic legal person or natural person；According to the development time for being engaged in this field product The score of decision technology integration time；The three-tiered evaluation content of core technology Grasping level include: main control chip, magnetic head, disc, PCB, according to whether being the score of domestic design, production judgement main control chip；According to whether being domestic design, production judgement magnetic head Score；According to whether being the score of domestic design, production judgement disc；According to whether being domestic design, production judgement PCB Score；The secondary evaluation content of solid state hard disk includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content includes: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to being to assemble within the border Still assembling overseas determines the score in the assembling place of production, according to core develop team and the whether all domestic personnel of Executive Team with And the accounting of domestic developer determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person and determines money The score of this composition；According to the score for decision technology integration time development time for being engaged in this field product；Core technology is grasped The three-tiered evaluation content of degree includes: main control chip, storage particle, PCB, according to whether being domestic design, production judgement master control The score of chip；According to whether being the score of domestic design, production judgement storage particle；According to whether being domestic design, production Determine the score of PCB；

The secondary evaluation content of the mainboard includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content include: personnel component, composition of capital, technological accumulation time, wherein team and management are developed according to core The score of the accounting of the whether all domestic personnel of team and domestic developer judgement personnel component；According to domestic legal person or Natural person holds the score that capital accounting determines composition of capital；It is accumulated according to the development time decision technology for being engaged in this field product The score of time；The three-tiered evaluation content of core technology Grasping level includes: design, production, other components, according to whether being Domestic manufacturer's design and the score for whether being capable of providing schematic diagram and the judgement design of PCB layout designs data and drawing；According to being Still overseas manufacturer completes PCB production within the border or Denso determines the score of production；It is determined according to the quantity accounting produced within the border The score of its component；

The level-one assessment content of the basic software includes firmware, operating system, network firewall equipment application system；Institute It is identical to state firmware, operating system, the secondary evaluation content of network firewall equipment application system, designed including general frame, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design includes Direct system It unites design scheme, intellectual property, Intellectual Property Risk analysis, technical documentation, the three-tiered evaluation content of Code Design includes: one, Basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customize optimization ability, community Participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, code customization Optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；The three of project management Grade assessment content includes: one, test process and document；Two, configuration management；Develop team's background three-tiered evaluation content include: Technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification；

The level-one assessment content for developing team includes developing team's background；The secondary evaluation for developing team's background Content includes technological accumulation time, research institute's market competitiveness and personnel component, when according to the development for being engaged in this field product Between decision technology integration time score；According to two annual cities on this class product that can be mass and supply steadily in the long term Ranking of the field occupation rate in similar product determines the score of research institute's market competitiveness；Team and management are developed according to core The score of the accounting of the whether all domestic personnel of team and domestic developer judgement personnel component.

Particularly, when the Network Security Device to be assessed is vulnerability scanning equipment, the assessment object of setting includes hard Part system, basic software and development team；The level-one assessment content of the hardware system includes: central processing unit, network interface card control Chip, memory, hard disk, mainboard；The central processing unit, the secondary evaluation content of network card control chip are identical, include: system Structure design, chip testing, mating software and hardware, develops team's background at chip design, chip production；The three of architecture Design Grade assessment content includes: instruction set, intellectual property；Chip design three-tiered evaluation content include: logical design, verification platform, Physical Design, design platform；The three-tiered evaluation content of chip production includes: flow, encapsulation design, encapsulation production, encapsulating material； The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: chipset, exploitation Plate and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；The three-level for developing team's background is commented Estimating content includes: technological accumulation time, research institute's market competitiveness, personnel component, CMM；

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge Library；The firmware, operating system, vulnerability scanning engine, the secondary evaluation content of vulnerability scanning knowledge base are identical, include overall Architecture design, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design It is analyzed including yaw guy design scheme, intellectual property, Intellectual Property Risk, technical documentation, in the three-tiered evaluation of Code Design Appearance includes: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization Ability, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and note It releases, code customization optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；? The three-tiered evaluation content of mesh management includes: one, test process and document；Two, configuration management；Develop the three-tiered evaluation of team's background Content includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification；

Particularly, when the Network Security Device to be assessed is network invasion monitoring equipment, the assessment object packet of setting It includes hardware system, basic software and develops team；The level-one assessment content of the hardware system includes: central processing unit, network interface card Control chip, memory, hard disk, mainboard；The central processing unit, the secondary evaluation content of network card control chip are identical, include: Architecture Design, chip production, chip testing, mating software and hardware, develops team's background at chip design；Architecture Design Three-tiered evaluation content include: instruction set, intellectual property；The three-tiered evaluation content of chip design includes: logical design, verifies and put down Platform, physical Design, design platform；The three-tiered evaluation content of chip production includes: flow, encapsulation design, encapsulation production, package material Material；The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: chipset, opens Send out plate and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；Develop the three-level of team's background Assessing content includes: technological accumulation time, research institute's market competitiveness, personnel component, CMM；

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge Library；The firmware, operating system, intrusion detection engine, the secondary evaluation content of intrusion detection knowledge base are identical, include overall Architecture design, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design It is analyzed including yaw guy design scheme, intellectual property, Intellectual Property Risk, technical documentation, in the three-tiered evaluation of Code Design Appearance includes: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization Ability, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and note It releases, code customization optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；? The three-tiered evaluation content of mesh management includes: one, test process and document；Two, configuration management；Develop the three-tiered evaluation of team's background Content includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification；

Particularly, the autonomous degree of controllability grade classification condition set in the step S107, it is specific as follows: for be assessed Autonomous degree of controllability OCR:A grades of Network Security Device: OCR >=80%；B grades: 70%≤OCR < 80%；C grades: 60%≤OCR < 70%；D grades: 50%≤OCR < 60%；E grades: OCR < 50%.

The autonomous degree of controllability appraisal procedure of Network Security Device proposed by the present invention can accurately, comprehensively calculate network peace The autonomy-oriented degree of full equipment, evaluates the localization rate of parts and components of Network Security Device, be a kind of quantifiable Network Security Device from Main degree of controllability appraisal procedure.One aspect of the present invention can carry out autonomous degree of controllability self-evaluation with guide product development departments, promote to produce Product continuously improve the raising improved with autonomy-oriented level, and it is autonomous on the other hand to can also be used as third party appraisal agency development product The basic foundation of degree of controllability assessment, assessment result can hold the autonomous controllable degree of product for application section door knob, carry out product type selection Work provides data supporting.

Detailed description of the invention

Fig. 1 is the autonomous degree of controllability appraisal procedure flow chart of Network Security Device provided in an embodiment of the present invention.

Specific embodiment

To facilitate the understanding of the present invention, a more comprehensive description of the invention is given in the following sections with reference to the relevant attached drawings.In attached drawing Give presently preferred embodiments of the present invention.But the invention can be realized in many different forms, however it is not limited to this paper institute The embodiment of description.On the contrary, purpose of providing these embodiments is makes to the more thorough of the disclosure understanding Comprehensively.It should be noted that unless otherwise defined, all technical and scientific terms used herein and belong to of the invention The normally understood meaning of those skilled in the art is identical.Term as used herein in the specification of the present invention is In order to describe the purpose of specific embodiment, it is not intended that in the limitation present invention.Term " and or " used herein includes one Any and all combinations of a or multiple relevant listed items.

It please refers to shown in Fig. 1, Fig. 1 is the autonomous degree of controllability appraisal procedure stream of Network Security Device provided in an embodiment of the present invention Cheng Tu.

The autonomous degree of controllability appraisal procedure of Network Security Device is using " Kernel-based methods element and development team back in the present embodiment The analytic hierarchy process (AHP) of scape " carries out assessment content analysis, and the development & production process of product is considered as multiple processes, carries out process respectively Factor analysis.The evaluation system of autonomous degree of controllability is proposed from R&D process, core technology, the manufacturing, research staff etc., Including entry criteria, assessment content and weighted value, assessment tool and environment, evaluation process, score value model, grade classification six Point.Specifically comprise the following steps:

S101, the type for determining Network Security Device to be assessed.The Network Security Device to be assessed described in the present embodiment Refer in information system, the equipment that includes with high safety to network system being made of hardware system and software systems, including net Network firewall box, vulnerability scanning equipment, network invasion monitoring equipment etc..Network firewall equipment (network firewall Device) refer to according to filtering rule predetermined and security protection rule, to the access request and service of Servers-all The response of device carries out agreement and information filtering, realizes the safety information product of function of safety protection.Vulnerability scanning equipment (vulnerability scanning device) refers to based on vulnerability scan, by means such as scannings to specified long-range Or the Security Vulnerability of local computer system is detected, discovery can utilize the security detection equipment of loophole.Network intrusions Detection device (network intrusion detection device) refers to using the data packet on network as data source, supervises It listens all data packets in protected network and is analyzed, thus the equipment for the behavior that notes abnormalities.

The assessment object of S102, setting Network Security Device to be assessed.

S103, the weighted value for determining the level-one assessment content of the assessment object and setting level-one assessment content.

S104, the weighted value for determining the secondary evaluation content of each level-one assessment content and setting secondary evaluation content.

The autonomous degree of controllability score of S105, each secondary evaluation content of setting.

In above formula:

L is the total item that level-one assesses content；

w_iThe weighted value of content is assessed for i-th of level-one；

S107, according to the step S106 obtain Network Security Device to be assessed autonomous degree of controllability OCR, according to setting Autonomous degree of controllability grade classification condition determine the Network Security Device to be assessed autonomous degree of controllability grade.In this implementation The autonomous degree of controllability grade classification condition set in example is specific as follows: for the autonomous degree of controllability of Network Security Device to be assessed OCR:A grades: OCR >=80%；B grades: 70%≤OCR < 80%；C grades: 60%≤OCR < 70%；D grades: 50%≤OCR < 60%；E grades: OCR < 50%.

Specifically, in the present embodiment when the Network Security Device to be assessed is network firewall equipment, setting Assessment object includes hardware system, basic software and development team；The level-one assessment content of the hardware system includes: centre Manage device, network card control chip, memory, hard disk, mainboard；The secondary evaluation content phase of the central processing unit, network card control chip Together, include: architecture Design, chip design, chip production, chip testing, mating software and hardware, develop team's background；Body The three-tiered evaluation content of architecture design includes: instruction set, intellectual property；The three-tiered evaluation content of chip design includes: logic Design, verification platform, physical Design, design platform；The three-tiered evaluation content of chip production includes: flow, encapsulation design, encapsulation Production, encapsulating material；The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content packet of mating software and hardware It includes: chipset, development board and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；The group of development The three-tiered evaluation content of team's background includes: technological accumulation time, research institute's market competitiveness, personnel component, CMM.

The secondary evaluation content of the memory includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content include: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to being domestic group Still assembling overseas determines to assemble the score in the place of production dress, develops team and the whether all domestic personnel of Executive Team according to core And the accounting of domestic developer determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person to determine The score of composition of capital；According to the score for decision technology integration time development time for being engaged in this field product；The core technology palm The three-tiered evaluation content for holding degree includes: memory grain, control chip, according to whether being domestic design, production judgement memory The score of grain；According to whether being the score of domestic design, production judgement control chip.

The hard disk includes mechanical hard disk and solid state hard disk, and the secondary evaluation content of mechanical hard disk includes: to develop team's back Scape, core technology Grasping level, the three-tiered evaluation content for developing team's background includes: the assembling place of production, personnel component, capital structure At, technological accumulation time, wherein according to being domestic assembling or overseas assembling determines the score in the assembling place of production, ground according to core The score of the accounting of briquetting team and the whether all domestic personnel of Executive Team and domestic developer judgement personnel component；Root Hold the score that capital accounting determines composition of capital according to domestic legal person or natural person；According to the development time for being engaged in this field product The score of decision technology integration time；The three-tiered evaluation content of core technology Grasping level include: main control chip, magnetic head, disc, PCB, according to whether being the score of domestic design, production judgement main control chip；According to whether being domestic design, production judgement magnetic head Score；According to whether being the score of domestic design, production judgement disc；According to whether being domestic design, production judgement PCB Score；The secondary evaluation content of solid state hard disk includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content includes: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to being to assemble within the border Still assembling overseas determines the score in the assembling place of production, according to core develop team and the whether all domestic personnel of Executive Team with And the accounting of domestic developer determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person and determines money The score of this composition；According to the score for decision technology integration time development time for being engaged in this field product；Core technology is grasped The three-tiered evaluation content of degree includes: main control chip, storage particle, PCB, according to whether being domestic design, production judgement master control The score of chip；According to whether being the score of domestic design, production judgement storage particle；According to whether being domestic design, production Determine the score of PCB.

The secondary evaluation content of the mainboard includes: to develop team's background, core technology Grasping level, develops team's background Three-tiered evaluation content include: personnel component, composition of capital, technological accumulation time, wherein team and management are developed according to core The score of the accounting of the whether all domestic personnel of team and domestic developer judgement personnel component；According to domestic legal person or Natural person holds the score that capital accounting determines composition of capital；It is accumulated according to the development time decision technology for being engaged in this field product The score of time；The three-tiered evaluation content of core technology Grasping level includes: design, production, other components, according to whether being Domestic manufacturer's design and the score for whether being capable of providing schematic diagram and the judgement design of PCB layout designs data and drawing；According to being Still overseas manufacturer completes PCB production within the border or Denso determines the score of production；It is determined according to the quantity accounting produced within the border The score of its component.

The level-one assessment content of the basic software includes firmware, operating system, network firewall equipment application system；Institute It is identical to state firmware, operating system, the secondary evaluation content of network firewall equipment application system, designed including general frame, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design includes Direct system It unites design scheme, intellectual property, Intellectual Property Risk analysis, technical documentation, the three-tiered evaluation content of Code Design includes: one, Basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customize optimization ability, community Participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, code customization Optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；The three of project management Grade assessment content includes: one, test process and document；Two, configuration management；Develop team's background three-tiered evaluation content include: Technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification.

Specifically, setting is commented in the present embodiment when the Network Security Device to be assessed is vulnerability scanning equipment Estimating object includes hardware system, basic software and development team；The level-one assessment content of the hardware system includes: central processing Device, network card control chip, memory, hard disk, mainboard；The central processing unit, the secondary evaluation content of network card control chip are identical, Include: architecture Design, chip design, chip production, chip testing, mating software and hardware, develop team's background；System knot The three-tiered evaluation content of structure design includes: instruction set, intellectual property；Chip design three-tiered evaluation content include: logical design, Verification platform, physical Design, design platform；The three-tiered evaluation content of chip production include: flow, encapsulation design, encapsulation production, Encapsulating material；The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: core Piece group, development board and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；Develop team's background Three-tiered evaluation content include: technological accumulation time, research institute's market competitiveness, personnel component, CMM.

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge Library；The firmware, operating system, vulnerability scanning engine, the secondary evaluation content of vulnerability scanning knowledge base are identical, include overall Architecture design, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design It is analyzed including yaw guy design scheme, intellectual property, Intellectual Property Risk, technical documentation, in the three-tiered evaluation of Code Design Appearance includes: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization Ability, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and note It releases, code customization optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；? The three-tiered evaluation content of mesh management includes: one, test process and document；Two, configuration management；Develop the three-tiered evaluation of team's background Content includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification.

Specifically, in the present embodiment when the Network Security Device to be assessed is network invasion monitoring equipment, setting Assessment object include hardware system, basic software and develop team；The level-one assessment content of the hardware system includes: center Processor, network card control chip, memory, hard disk, mainboard；The secondary evaluation content of the central processing unit, network card control chip It is identical, include: architecture Design, chip design, chip production, chip testing, mating software and hardware, develop team's background； The three-tiered evaluation content of architecture Design includes: instruction set, intellectual property；The three-tiered evaluation content of chip design includes: to patrol Collect design, verification platform, physical Design, design platform；The three-tiered evaluation content of chip production includes: flow, encapsulation design, envelope Dress production, encapsulating material；The three-tiered evaluation content of chip testing includes: bare die test；The three-tiered evaluation content of mating software and hardware It include: chipset, development board and emulator, Development Tool Chain, driver/board suppot package/firmware, customer documentation；It develops The three-tiered evaluation content of team's background includes: technological accumulation time, research institute's market competitiveness, personnel component, CMM.

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge Library；The firmware, operating system, intrusion detection engine, the secondary evaluation content of intrusion detection knowledge base are identical, include overall Architecture design, Code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design It is analyzed including yaw guy design scheme, intellectual property, Intellectual Property Risk, technical documentation, in the three-tiered evaluation of Code Design Appearance includes: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization Ability, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and note It releases, code customization optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；? The three-tiered evaluation content of mesh management includes: one, test process and document；Two, configuration management；Develop the three-tiered evaluation of team's background Content includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification.

Below to central processing unit, network card control chip in the autonomous degree of controllability appraisal procedure of above-mentioned Network Security Device etc. The autonomous degree of controllability evaluation process outline of the assessment of autonomous degree of controllability and basic software of managing device chip is as follows:

The autonomous degree of controllability evaluation process of processor chips is as follows:

Determine the level-one assessment content and its weighted value of processor chips.Specifically, in the level-one assessment of processor chips Appearance includes: architecture Design, chip design, chip production, chip testing, mating software and hardware, develops team's background.

It determines architecture Design, chip design, chip production, chip testing, mating software and hardware, develop team's background Secondary evaluation content and its weighted value.Specifically, the secondary evaluation content of architecture Design includes: instruction set, intellectual property； The secondary evaluation content of chip design includes: logical design, verification platform, physical Design, design platform；The second level of chip production Assessment content includes: flow, encapsulation design, encapsulation production, encapsulating material；The secondary evaluation content of chip testing includes: bare die Test；The secondary evaluation content of mating software and hardware include: chipset, development board and emulator, Development Tool Chain, driver/ Board suppot package/firmware, customer documentation；The secondary evaluation content for developing team's background includes: technological accumulation time, research institute The market competitiveness, personnel component, CMMI qualification.The score detailed rules and regulations of instruction set include: autonomous instruction set, are recognized by authoritative institution Intellectual Property Risk is not present in card；Non-autonomous instruction set obtains permanently effective authorization, can independently extend；Non-autonomous instruction set, Permanently effective authorization is obtained, can not independently be extended；Non-autonomous instruction set obtains effectively authorization, can independently extend；Non-autonomous instruction Collection obtains effectively authorization, can not independently extend；Non-autonomous instruction set does not obtain effective authorization.The score detailed rules and regulations packet of intellectual property It includes: grasping the A to Z of property right, possess complete patent system；Partial knowledge property right is grasped, partial monopoly, other parts are possessed There is authorization；There is license；There is patent infringement risk, and risk can not avoid.

The three-tiered evaluation content of logical design includes: processor core, on piece interconnection and consistency, interface；Processor core The score detailed rules and regulations of the heart include: the entirely autonomous design of institute's source code；Main source code (assembly line, arithmetic unit, instruction unit) Autonomous Design；Main source code (assembly line, arithmetic unit, instruction unit) uses the IP of domestic manufacturer's independent research；It cannot reach To requirements above.The score detailed rules and regulations of on piece interconnection and consistency include: the entirely autonomous design of institute's source code；Main source code (consistency protocol, interconnection logic) autonomous Design；Main source code (consistency protocol, interconnection logic) is autonomous using domestic manufacturer The IP of research and development；Requirements above cannot be reached.The score detailed rules and regulations of interface include: the entirely autonomous design of controller source code, simulation electricity The entirely autonomous development of road physical layer IP；Controller source code autonomous Design or the IP for using domestic manufacturer's independent research, simulation electricity Road physical layer IP authorizes IP using manufacturer overseas；Controller source code authorizes IP, analog circuit physical layer IP using manufacturer overseas Independent development；Controller source code and analog circuit physical layer IP are all made of the IP of domestic manufacturer's independent research；Cannot reach with Upper requirement.

The score detailed rules and regulations of verification platform include: it is entirely autonomous build simplation verification platform, hardware emulator verification platform and FPGA verification platform, the entirely autonomous exploitation of test vector, test result are visible；Independently build simplation verification platform, hardware in part Emulator verification platform and FPGA verification platform, the independent development of test vector part, test result are partially visible；Without autonomous verifying Platform.The score detailed rules and regulations of physical Design include: that entirely autonomous design (realizes had using customization, semi-custom or integrated approach Whole design documentation and data, has complete design and check process, inspection result are visible)；Part autonomous Design is (using fixed System, semi-custom or integrated approach realize there is part design documentation and data, have part design and check process, check knot Fruit part is visible), authorization stone≤3 of use；All it is contracted out to domestic unit；All it is contracted out to unit overseas.Design is flat The score detailed rules and regulations of platform include: all to be designed using domestic eda tool；Part is designed using eda tool overseas, or Different degrees of secondary development is overseas carried out on eda tool；All it is designed using eda tool overseas.

The score detailed rules and regulations of flow include: that practical controlling shareholder is domestic legal person or natural person, and production line is domestic production line； Practical controlling shareholder is domestic legal person or natural person, and production line is production line overseas；Practical controlling shareholder is for legal person overseas or certainly Right people, production line are production line overseas.The score detailed rules and regulations of encapsulation design include: entirely autonomous design；Non-fully autonomous Design.Envelope The score detailed rules and regulations of dress production include: that practical controlling shareholder is domestic legal person or natural person, and production line is domestic production line；Practical control Stock shareholder is domestic legal person or natural person, and production line is production line overseas；Practical controlling shareholder is overseas legal person or natural person, life Producing line is production line overseas.The score detailed rules and regulations of encapsulating material include: all domestic production such as shell, soldered ball, cover board and spun gold； The part such as shell, soldered ball, cover board and spun gold is overseas to produce；Shell, soldered ball, cover board and spun gold etc. are all overseas to be produced.It is naked The score detailed rules and regulations of built-in testing include bare die test and packaging and testing in domestic autonomous test；Packaging and testing are independently tested domestic, Bare die test is tested overseas；Bare die test is tested in domestic autonomous test, packaging and testing overseas；Bare die test and encapsulation are surveyed Examination is tested overseas.

The score detailed rules and regulations of chipset include: without other chipsets or chipset all using the core produced within the border Piece or chipset independent research；Part can be disclosed and be obtained, be supplied secure using the chip overseas produced, chip；All use The chip overseas produced is supplied without guarantee.The score detailed rules and regulations of development board and emulator include: provide the development board that produces within the border with Emulator；The development board overseas produced and the emulator produced within the border are provided；The development board produced within the border is provided and is overseas produced Emulator；The development board and emulator overseas produced is provided.The score detailed rules and regulations of Development Tool Chain include: Development Tool Chain whole To research and develop within the border, possesses whole source codes, possess the A to Z of property right；Developing instrument chain part is overseas to research and develop, and possesses whole Source code, no infringement；Development Tool Chain is all overseas to be researched and developed, and whole source codes are possessed；Development Tool Chain is all overseas to grind Hair, no source code；Development Tool Chain is imperfect.Driver/board suppot package/firmware score detailed rules and regulations include: to possess driving Whole source codes of program, board suppot package and firmware have modification source code ability；Possess driver, board suppot package With the part of original code of firmware, has modification source code ability；Source code without driver, board suppot package and firmware.With The score detailed rules and regulations of family document include: entirely autonomous to write whole customer documentations；Customer documentation is non-fully independently write, part is quoted Vendor rs documentation overseas；Customer documentation is non-fully independently write, vendor rs documentation overseas is all quoted.

According to the score for decision technology integration time development time for being engaged in this field product.According to can be mass and grow (public institution is with contract for ranking of two annual occupation rates of market in similar product on this class product of the phase stable supply of material Volume, business unit are using sales volume as evaluation index) determine research institute's market competitiveness score.

Sentenced according to the accounting that core develops team and the whether all domestic personnel of Executive Team and domestic developer The score that fix the number of workers is constituted.The score of CMMI qualification is determined according to the rank for obtaining CMMI certification.

Finally, according to the autonomous degree of controllability OCR of following two formula computation processor chip:

In above formula:

w_iThe weighted value of content is assessed for i-th of level-one；

The autonomous degree of controllability evaluation process of basic software is as follows:

Determine basic software (such as firmware, operating system, network firewall equipment application system, vulnerability scanning engine, loophole Scan knowledge base, intrusion detection engine, intrusion detection knowledge base, data base management system, browser, office software, network association Discuss software, cloud computing platform software and other software etc.) level-one assessment content and its weighted value.Level-one assesses content General frame design, Code Design, code building, project management and development team's background.

Determine the secondary evaluation content and its weighted value of level-one assessment content.The secondary evaluation content packet of general frame design It includes: yaw guy design scheme, intellectual property, Intellectual Property Risk analysis, technical documentation.The secondary evaluation content of Code Design It include: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization energy Power, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, Code customizes optimization ability；The secondary evaluation content of code building includes: Integrated Development Environment, installation kit tools；Project The secondary evaluation content of management includes: one, test process and document；Two, configuration management；In the secondary evaluation for developing team's background Appearance includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification.

The score detailed rules and regulations of yaw guy design scheme include: entirely autonomous architecture design；Architecture design is mainly using opening The product of source protocol, there is no intellectual property, time limit, law, disablings in the limitation of military field；Architecture design mainly uses border Outer private authorizing product, there is no intellectual property, time limit, law, disablings in the limitation of military field；Architecture design is main Using private authorizing product overseas, there are intellectual property, time limit, law, disablings in the limitation in Military Application field.Knowledge The score detailed rules and regulations of property right include: that granted patent quantity has fairly large, have core patent in core technology, patent distribution is tight Close and forward-looking, claims are big, and right is substantially indefectible, and patent achievement transformation benefit is good, in correlation Field has apparent Patent Competitive Advantage；Granted patent quantity, core technology core patent, patent distribution, claim are protected It is good to protect the comprehensive conditions such as range, patent achievement transformation benefit, there is certain Patent Competitive Advantage in related fields；Authorization is special Sharp quantity is few, and without patent in core technology, patent distribution imprecision, claims are small, and right has major imperfections, Patent achievement transformation benefit is poor, does not have Patent Competitive Advantage in related fields.The score detailed rules and regulations packet of Intellectual Property Risk analysis Include: patent risk analysis substantive content is abundant, and it is accurate that patent risk is held, and provides effective risk handling measurement；Patent risk It is more abundant to analyze substantive content, it is more accurate that patent risk is held, and provides substantially effective risk handling measurement；Patent risk analysis Lack substantive content, patent risk holds inaccuracy, lacks effective risk handling measurement；Without patent risk analysis.Technology text The score detailed rules and regulations of shelves include: to provide Outline Design, safe design, detailed design and the whole technical documentations for being packaged test, document It is complete, specification, consistent；Outline Design, safe design, detailed design and the portion of techniques document for being packaged test are provided；It does not provide Document provides invalid document.

It is soft to the basis based on open source or non-open source technology system according to open source and the non-two different technical systems of open source The Code Design of part is assessed.The assessment content of autonomous code design conditions includes the division of system structure module and importance system Number, submodule division and important coefficient and submodule score value.

1) with reference to the module of GJB 7716-2012, GJB 7717-2012, GJB 7718-2012 and GJB 7719-2012 Classification, the basic software based on open source technology system is divided into following system structure module, and important coefficient has been determined.

The system structure module of firmware includes: all kinds of agreements and infrastructure service, board-level management software；Drive module, operation System loader.

The system structure module of desktop operating system includes: basic kernel, basic compiler, base library, binary tools Collection；Programming interface, security module, hardware platform adaptation module；API, desktop system when shape library, image library, window system, operation System, Integrated Development Environment；Desktop application software (including instant messaging, input method, video, audio, mail etc.)

The system structure module of network switch operating system include: basic kernel, basic compiler, base library, two into Tool set processed；Programming interface, High Availabitity supporting module, security module, hardware platform adaptation module；API, operation when, middleware, Integrated Development Environment, network switch special-purpose software；Network switch application software (including Web service, shared service etc..

The system structure module of embedded OS includes: nucleus module；Expansion module；Special module；

The system structure module of data base management system includes: data layer module；Data service layer module；Interface module； Customer tools layer module；Special module.

The system structure module of office software includes: document format module, I/O module；It is framework realization, UI module, secondary Development interface；Basic-level support library.The system structure module of browser includes: JavaScript engine；Browser integrated operation ring Border.The system structure module of network protocol software includes: network packet trapping module；Network protocol analysis module；Store mould Block.The system structure module of cloud computing platform software includes: elastic calculation, container service, cross-domain data transmission；Global profile system System；Object storage.

2) several submodules are further divided into according to the function of realization to each system structure module, it is important according to its Degree respectively specifies that important coefficient, is divided into third gear.

The partitioning standards of key function module: product corn module；The partitioning standards of general utility functions module: product mark Quasi- functional module.The partitioning standards of extended function module: product extended function module.

3) to each submodule, it is specified that score by rules and score value.

The score detailed rules and regulations of autonomous code ratio include: to use for reference mainstream Open Source Code, provide complete Open Source Code analysis text Shelves and design documentation, autonomous code ratio >=30% grasp the structure and implementation method of source code comprehensively, have and repair as desired Change the ability of source code；Mainstream Open Source Code is used for reference, complete Open Source Code analysis document and design documentation, autonomous code are provided Ratio grasps the structure and implementation method of source code between 20%~30% comprehensively, has the energy for modifying source code as desired Power；Mainstream Open Source Code is used for reference, provides complete Open Source Code analysis document and design documentation, autonomous code ratio is between 10% ~20%, the structure and implementation method of source code are grasped comprehensively, have the ability for modifying source code as desired；Mainstream is used for reference to open Source code provides complete Open Source Code analysis document and design documentation, autonomous code ratio between 5%~10%, have by According to the ability of demand modification source code；Mainstream Open Source Code is used for reference, complete Open Source Code analysis document and design documentation are provided, Autonomous code ratio is lower than 2%~5%, has the ability for modifying source code as desired；Mainstream Open Source Code is used for reference, is provided Whole Open Source Code analysis document and design documentation, autonomous code ratio < 2%.

The score detailed rules and regulations of code analysis and annotation include: that code analysis illustrates that (including demand analysis document, framework are set document Meter/analysis document, Functional Design are realized/, which analyzes document, the analysis document for quoting module, changes module illustrates document etc.) and Code annotation is complete, good with product source code correspondence；Code analysis illustrate document (including demand analysis document, architecture design/ Analysis document, Functional Design realize/analyze document, the analysis document for quoting module, change module illustrate document etc.) or code Annotation is more complete, preferable with product source code correspondence；Lack code analysis and illustrates document (including demand analysis document, frame Structure, which designs ,/analyzing document, Functional Design is realized/, which analyzes document, the analysis document for quoting module, changes module illustrates document Deng) and code annotation.

The score detailed rules and regulations of code customization optimization ability include: the assessment of similar product on-site assessment, and total score ranks the first；It is similar The assessment of product on-site assessment, total score are number two；The assessment of similar product on-site assessment, total score are number three；Similar product scene Examination assessment, total score are number four；The assessment of similar product on-site assessment, total score are number five；The assessment of similar product on-site assessment, Total score ranking exceeds first five.

The score detailed rules and regulations of community participation ability include: in one, similar product, by redhat, fedora, centos, Debian, ubuntu, libreoffice, openoffice, kernel, kvm, openstack, gnome, openssl and Patch, suggestion, the module number that the mainstreams such as docker community adopts are more, and importance degree is high；Two, in similar product, quilt redhat、fedora、centos、debian、ubuntu、libreoffice、openoffice、kernel、kvm、 Patch, suggestion, the module number that the mainstreams such as openstack, gnome, openssl and docker community adopts are less and important Property degree it is high；Three, in similar product, by redhat, fedora, centos, debian, ubuntu, libreoffice, Patch that the mainstreams such as openoffice, kernel, kvm, openstack, gnome, openssl and docker community adopts is built View, module number are less, and importance degree is not high；Four, in similar product, by redhat, fedora, centos, debian, Ubuntu, libreoffice, openoffice, kernel, kvm, openstack, gnome, openssl and docker etc. are main Patch, suggestion, the module number that stream community adopts are minimum, and importance degree is not high.

The assessment content of basic software based on non-open source technology system is mainly for autonomous code design conditions.Autonomous generation Code design conditions assessment content include system structure module divide and important coefficient, submodule divide and important coefficient and Submodule score value.

1) division of system structure module and important coefficient: consistent with the basic software based on open source technology system.2) sub Module divides and important coefficient: consistent with the basic software based on open source technology system.3) submodule score value: to each submodule Block is as follows, it is specified that score by rules and score value:

The score detailed rules and regulations of autonomous code ratio include: that source code is independently write, and design documentation is completely consistent, autonomous code ratio Rate >=90% grasps the structure and implementation method of source code comprehensively, has the ability for modifying source code as desired；Source code and Design documentation is independently write, and design documentation is completely consistent, and autonomous code ratio grasps source code between 80%~90% comprehensively Structure and implementation method have the ability for modifying source code as desired；Source code and design documentation are independently write, code module Typical algorithm is used for reference in design, and autonomous code ratio grasps the structure and implementation method of source code, tool between 70%~80% comprehensively The standby ability for modifying source code as desired；Source code and design documentation are independently write, and typical algorithm is used for reference in code module design, Autonomous code ratio grasps the structure and implementation method of source code comprehensively, has and modify source as desired between 50%~70% The ability of code；Source code and design documentation are independently write, code module design use for reference typical algorithm, autonomous code ratio between 30%~50%, the structure and implementation method of source code are grasped comprehensively, have the ability for modifying source code as desired；Source code Non-autonomous realization, for autonomous code ratio between 20%~30%, the structure and implementation method of source code are grasped in part, but understand source Code function；The non-autonomous realization of source code, autonomous code ratio < 20%.

The score detailed rules and regulations of code customization optimization ability include: the assessment of similar product on-site assessment, and total score ranks the first；It is similar The assessment of product on-site assessment, total score are number two；The assessment of similar product on-site assessment, total score are number three；Similar product scene Examination assessment, total score are number four；The assessment of similar product on-site assessment, total score are number five；The assessment of similar product on-site assessment, Total score ranking exceeds first five.The score detailed rules and regulations of Integrated Development Environment include: compiling system using independent research product；Compiling system Using improved open source product；Compiling system is using open source product；Compiling system uses domestic commercial product；Compiling system is adopted With commercial product overseas.The score detailed rules and regulations of installation kit tools include: installation kit tools using independent research product；Peace It fills packet tools and uses improved open source product；Installation kit tools are using open source product；Installation kit tools are adopted With domestic commercial product；Installation kit tools are using commercial product overseas.The score detailed rules and regulations of test process and document include: to cover The complete test process to all firsts and seconds modules, including unit testing, integration testing and system testing are covered, is had complete Test process document；The integration testing to previous module and system testing are covered, it is imperfect to the test of second level module, have Corresponding test document；Requirements above cannot be reached.The score detailed rules and regulations of configuration management include: each rank of traceable software life-cycle All versions of section can control, record, track modification to all versions of software, and defect management is perfect, self-consistent and can chase after It traces back；The main version of traceable software development phase can control, the modification of record, tracking to software major release, defect management It is more perfect, it is self-consistent and can be traced；Requirements above cannot be reached.Skill is determined according to the development time for being engaged in this field product The score of art integration time.According to two annual occupation rates of market on this class product that can be mass and supply steadily in the long term Ranking (public institution is with contract amount, business unit using sales volume as evaluation index) in similar product determines research institute The score of the market competitiveness.Team and the whether all domestic personnel of Executive Team and domestic developer are developed according to core Accounting determine personnel component score.The score of CMMI qualification is determined according to the rank for obtaining CMMI certification.

The autonomous degree of controllability OCR of basic software is calculated according to following two formula:

According to system structure module, submodule divides and lines of code, determines that the autonomous degree of controllability of each functional module obtains Score value, and calculate the score S of autonomous code ratio_{Autonomous code ratio}:

In above formula:

w_iThe weighted value of content is assessed for i-th of level-one；

X is the sum of p-th of system structure module；

Y is by q-th of submodule sum for including in p-th of system structure module；

Cp is the important coefficient of p-th of system structure module；

C_pqFor the important coefficient of q-th of submodule of p-th of system structure module；

m_pqFor the score value of q-th of submodule in p-th of system structure module.

Technical solution of the present invention can accurately, comprehensively calculate the autonomy-oriented degree of Network Security Device, evaluate The localization rate of parts and components of Network Security Device is a kind of autonomous degree of controllability appraisal procedure of quantifiable Network Security Device.The present invention one Aspect can carry out autonomous degree of controllability self-evaluation with guide product development departments, promote product to continuously improve and improve and autonomy-oriented level Raising, on the other hand can also be used as the basic foundation that third party appraisal agency carries out product autonomous degree of controllability assessment, assessment As a result the autonomous controllable degree of product can be held for application section door knob, development product type selection work provides data supporting.This assessment body System specifies the level-one assessment content for carrying out autonomous degree of controllability assessment and weighted value and each single item level-one assessment content includes Secondary evaluation content and weighted value.Scientific system, index are clear, can instruct the autonomous degree of controllability assessment to Network Security Device.

The above description is only a preferred embodiment of the present invention, is not intended to restrict the invention, for those skilled in the art For, the invention can have various changes and changes.All any modifications made within the spirit and principles of the present invention are equal Replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims

1. a kind of autonomous degree of controllability appraisal procedure of Network Security Device, which comprises the steps of:

S101, the type for determining Network Security Device to be assessed；

In above formula:

L is the total item that level-one assesses content；

w_iThe weighted value of content is assessed for i-th of level-one；

w_ijkThe weighted value of k-th of three-tiered evaluation content of j-th of secondary evaluation content in content is assessed for i-th of level-one；

s_ijkThe autonomous controllable of k-th of three-tiered evaluation content of j-th of secondary evaluation content in content is assessed for i-th of level-one Spend score.

2. the autonomous degree of controllability appraisal procedure of Network Security Device according to claim 1, which is characterized in that the step After S106 further include: S107, according to the step S106 obtain Network Security Device to be assessed autonomous degree of controllability OCR, The grade of the autonomous degree of controllability of the Network Security Device to be assessed is determined according to the autonomous degree of controllability grade classification condition of setting.

3. the autonomous degree of controllability appraisal procedure of Network Security Device according to claim 2, which is characterized in that described to be assessed Network Security Device includes network firewall equipment, vulnerability scanning equipment, network invasion monitoring equipment three types.

4. the autonomous degree of controllability appraisal procedure of Network Security Device according to claim 3, which is characterized in that when described to be evaluated Estimate Network Security Device be network firewall equipment when, the assessment object of setting include hardware system, basic software and develop group Team；The level-one assessment content of the hardware system includes: central processing unit, network card control chip, memory, hard disk, mainboard；It is described Central processing unit, the secondary evaluation content of network card control chip are identical, include: architecture Design, chip design, chip life Production, mating software and hardware, develops team's background at chip testing；The three-tiered evaluation content of architecture Design includes: instruction set, knows Know property right；The three-tiered evaluation content of chip design includes: logical design, verification platform, physical Design, design platform；Chip is raw The three-tiered evaluation content of production includes: flow, encapsulation design, encapsulation production, encapsulating material；The three-tiered evaluation content packet of chip testing It includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: chipset, development board and emulator, Development Tool Chain, drive Dynamic program/board suppot package/firmware, customer documentation；Develop team's background three-tiered evaluation content include: the technological accumulation time, Research institute's market competitiveness, personnel component, CMM；

The secondary evaluation content of the memory includes: to develop team's background, core technology Grasping level, develops the three of team's background Grade assessment content includes: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to be domestic assembling also The score that overseas assembling determines the assembling place of production, according to core develop team and the whether all domestic personnel of Executive Team and The accounting of domestic developer determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person and determines capital The score of composition；According to the score for decision technology integration time development time for being engaged in this field product；Core technology grasps journey The three-tiered evaluation content of degree includes: memory grain, control chip, according to whether being domestic design, production judgement memory grain Score；According to whether being the score of domestic design, production judgement control chip；

The hard disk includes mechanical hard disk and solid state hard disk, and the secondary evaluation content of mechanical hard disk includes: to develop team's background, core Heart technology Grasping level, the three-tiered evaluation content for developing team's background includes: the assembling place of production, personnel component, composition of capital, technology Integration time, wherein according to being domestic assembling or overseas assembling determines the score in the assembling place of production, according to core develop team and The score of the accounting of the whether all domestic personnel of Executive Team and domestic developer judgement personnel component；According to domestic method People or natural person hold the score that capital accounting determines composition of capital；According to the development time decision technology for being engaged in this field product The score of integration time；The three-tiered evaluation content of core technology Grasping level includes: main control chip, magnetic head, disc, PCB, according to Whether it is domestic design, produces the score for determining main control chip；According to whether being the score of domestic design, production judgement magnetic head； According to whether being the score of domestic design, production judgement disc；According to whether being the score of domestic design, production judgement PCB；Gu The secondary evaluation content of state hard disk includes: to develop team's background, core technology Grasping level, develops the three-tiered evaluation of team's background Content includes: the assembling place of production, personnel component, composition of capital, technological accumulation time, wherein according to being domestic assembling or overseas Assembling determines the score in the assembling place of production, develops team and the whether all domestic personnel of Executive Team according to core and opens within the border The accounting of hair personnel determines the score of personnel component；Hold capital accounting according to domestic legal person or natural person and determines composition of capital Score；According to the score for decision technology integration time development time for being engaged in this field product；The three of core technology Grasping level Grade assessment content includes: main control chip, storage particle, PCB, according to whether be domestic design, production determine main control chip Point；According to whether being the score of domestic design, production judgement storage particle；According to whether being domestic design, production judgement PCB Score；

The secondary evaluation content of the mainboard includes: to develop team's background, core technology Grasping level, develops the three of team's background Grade assessment content includes: personnel component, composition of capital, technological accumulation time, wherein develops team and Executive Team according to core Whether the accounting of all domestic personnel and domestic developer determine the score of personnel component；According to domestic legal person or nature People holds the score that capital accounting determines composition of capital；According to decision technology integration time development time for being engaged in this field product Score；The three-tiered evaluation content of core technology Grasping level includes: design, production, other components, according to whether being domestic Manufacturer designs and whether is capable of providing schematic diagram and PCB layout designs data and drawing determines the score of design；According to being domestic Still overseas manufacturer completes PCB production or Denso determines the score of production；Other members are determined according to the quantity accounting produced within the border The score of device；

The level-one assessment content of the basic software includes firmware, operating system, network firewall equipment application system；It is described solid Part, operating system, the secondary evaluation content of network firewall equipment application system are identical, include general frame design, code Design, code building, project management and development team's background, the three-tiered evaluation content of general frame design includes that yaw guy is set Meter scheme, intellectual property, Intellectual Property Risk analysis, technical documentation, the three-tiered evaluation content of Code Design include: one, are based on The basic software of open source technology system: autonomous code ratio, code analysis and annotation, code customize optimization ability, community participation Ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization Ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；The three-level of project management is commented Estimating content includes: one, test process and document；Two, configuration management；The three-tiered evaluation content for developing team's background includes: technology Integration time, research institute's market competitiveness, personnel component and CMMI qualification；

The level-one assessment content for developing team includes developing team's background；The secondary evaluation content for developing team's background Including technological accumulation time, research institute's market competitiveness and personnel component, sentenced according to the development time for being engaged in this field product Determine the score of technological accumulation time；It is accounted for according to two annual markets on this class product that can be mass and supply steadily in the long term There is ranking of the rate in similar product to determine the score of research institute's market competitiveness；Team and Executive Team are developed according to core Whether the accounting of all domestic personnel and domestic developer determine the score of personnel component.

5. the autonomous degree of controllability appraisal procedure of Network Security Device according to claim 3, which is characterized in that when described to be evaluated Estimate Network Security Device be vulnerability scanning equipment when, the assessment object of setting include hardware system, basic software and develop team； The level-one assessment content of the hardware system includes: central processing unit, network card control chip, memory, hard disk, mainboard；In described Central processor, the secondary evaluation content of network card control chip are identical, include: architecture Design, chip design, chip life Production, mating software and hardware, develops team's background at chip testing；The three-tiered evaluation content of architecture Design includes: instruction set, knows Know property right；The three-tiered evaluation content of chip design includes: logical design, verification platform, physical Design, design platform；Chip is raw The three-tiered evaluation content of production includes: flow, encapsulation design, encapsulation production, encapsulating material；The three-tiered evaluation content packet of chip testing It includes: bare die test；The three-tiered evaluation content of mating software and hardware includes: chipset, development board and emulator, Development Tool Chain, drive Dynamic program/board suppot package/firmware, customer documentation；Develop team's background three-tiered evaluation content include: the technological accumulation time, Research institute's market competitiveness, personnel component, CMM；

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge base； The firmware, operating system, vulnerability scanning engine, the secondary evaluation content of vulnerability scanning knowledge base are identical, include overall frame Structure design, Code Design, code building, project management and development team's background, the three-tiered evaluation content packet of general frame design Include yaw guy design scheme, intellectual property, Intellectual Property Risk analysis, technical documentation, the three-tiered evaluation content of Code Design It include: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization energy Power, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, Code customizes optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；Project The three-tiered evaluation content of management includes: one, test process and document；Two, configuration management；In the three-tiered evaluation for developing team's background Appearance includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification；

6. the autonomous degree of controllability appraisal procedure of Network Security Device according to claim 3, which is characterized in that when described to be evaluated Estimate Network Security Device be network invasion monitoring equipment when, the assessment object of setting includes hardware system, basic software and development Team；The level-one assessment content of the hardware system includes: central processing unit, network card control chip, memory, hard disk, mainboard；Institute It is identical to state central processing unit, the secondary evaluation content of network card control chip, includes: architecture Design, chip design, chip Production, mating software and hardware, develops team's background at chip testing；The three-tiered evaluation content of architecture Design include: instruction set, Intellectual property；The three-tiered evaluation content of chip design includes: logical design, verification platform, physical Design, design platform；Chip The three-tiered evaluation content of production includes: flow, encapsulation design, encapsulation production, encapsulating material；The three-tiered evaluation content of chip testing It include: bare die test；The three-tiered evaluation content of mating software and hardware include: chipset, development board and emulator, Development Tool Chain, Driver/board suppot package/firmware, customer documentation；When the three-tiered evaluation content of development team's background includes: technological accumulation Between, research institute's market competitiveness, personnel component, CMM；

The level-one assessment content of the basic software includes firmware, operating system, intrusion detection engine, intrusion detection knowledge base； The firmware, operating system, intrusion detection engine, the secondary evaluation content of intrusion detection knowledge base are identical, include overall frame Structure design, Code Design, code building, project management and development team's background, the three-tiered evaluation content packet of general frame design Include yaw guy design scheme, intellectual property, Intellectual Property Risk analysis, technical documentation, the three-tiered evaluation content of Code Design It include: the one, basic software based on open source technology system: autonomous code ratio, code analysis and annotation, code customization optimization energy Power, community participation ability；Two, the basic software based on non-open source technology system: autonomous code ratio, code analysis and annotation, Code customizes optimization ability；The three-tiered evaluation content of code building includes: Integrated Development Environment, installation kit tools；Project The three-tiered evaluation content of management includes: one, test process and document；Two, configuration management；In the three-tiered evaluation for developing team's background Appearance includes: technological accumulation time, research institute's market competitiveness, personnel component and CMMI qualification；

7. the autonomous degree of controllability appraisal procedure of the Network Security Device according to one of claim 2 to 6, which is characterized in that institute State the autonomous degree of controllability grade classification condition set in step S107, it is specific as follows: for Network Security Device to be assessed from Main degree of controllability OCR:A grades: OCR >=80%；B grades: 70%≤OCR < 80%；C grades: 60%≤OCR < 70%；D grades: 50%≤ OCR < 60%；E grades: OCR < 50%.