CN111563254A - Threat risk processing method and apparatus for product, computer system and medium - Google Patents


Publication number
CN111563254A
Authority
CN
China
Legal status
Pending
Application number
CN202010379490.6A
Other languages
Chinese (zh)
Inventor
刘婉娇
徐雅静
周芙蓉
叶红
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010379490.6A
Publication of CN111563254A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing

Abstract

The present disclosure provides a threat risk processing method for a product, comprising: obtaining a business flow diagram of each business function in a plurality of business functions of a product, wherein each business flow diagram comprises a plurality of elements, and each element comprises a plurality of instances; generating a threat list of the product according to each business flow diagram and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element; and performing a risk assessment on each threat risk in the threat list to determine a handling strategy for each threat risk. The present disclosure also provides a threat risk processing apparatus, a computer system, and a storage medium for a product.

Description

Threat risk processing method and apparatus for product, computer system and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a threat risk processing method and apparatus for a product, a computer system, and a storage medium.
Background
The development of the internet has brought convenience to people's lives, but also security risks. With the development of mobile internet technology, criminals exploit loopholes in business rules and use technical means to carry out various fraudulent attacks, and business threat risk has become a problem that no business in the world can ignore.
At present, threat risks in a business are generally identified by manual experience and handled by technical experience, so both the efficiency and the accuracy of identifying and handling threat risks are low.
Disclosure of Invention
In view of the above, the present disclosure provides a threat risk processing method and apparatus for a product, a computer system, and a storage medium.
One aspect of the present disclosure provides a threat risk processing method applied to a product, including: obtaining a business flow diagram of each business function in a plurality of business functions of the product, wherein each business flow diagram comprises a plurality of elements, and each element comprises a plurality of instances; generating a threat list for the product from each of the business flow diagrams and a threat library, wherein the threat library includes a plurality of the elements and a plurality of threat risks corresponding to each of the elements, and the threat list includes a plurality of the business functions, a plurality of instances in the business flow diagram corresponding to each business function, and a plurality of threat risks corresponding to each instance; and performing a threat assessment on each of the threat risks in the threat list to determine a handling policy for each of the threat risks.
Another aspect of the present disclosure provides a threat risk processing apparatus for a product, including: an obtaining module, configured to obtain a business process flow diagram of each business function in a plurality of business functions of the product, where each business process flow diagram includes a plurality of elements, and each element includes a plurality of instances; a first generating module configured to generate a threat list for the product according to each of the business process diagrams and a threat library, wherein the threat library includes a plurality of the elements and a plurality of threat risks corresponding to each of the elements, and the threat list includes: a plurality of said business functions, a plurality of instances in a business process diagram corresponding to each said business function, and a plurality of threat risks corresponding to each said instance; an evaluation module for performing a risk evaluation on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Another aspect of the present disclosure provides a computer system comprising: one or more processors; storage means for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
According to the embodiments of the disclosure, a business flow diagram is obtained for each business function of a product, the threat risks corresponding to each instance in each business flow diagram are obtained from a threat library to generate a threat list, and a risk assessment is performed on each threat risk in the threat list to determine a processing strategy for handling it. Because the threat risks in the business flow diagram are determined automatically through the threat library, and the processing strategy for each threat risk is determined by risk assessment, the technical problems of low efficiency and low accuracy caused by manually identifying and handling threat risks in the related art are at least partially overcome, achieving the technical effect of identifying and handling threat risks efficiently and accurately.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which the threat risk processing methods and apparatus for products of embodiments of the present disclosure may be applied;
FIG. 2 schematically illustrates a flow chart of a threat risk handling method for a product to which an embodiment of the disclosure may be applied;
FIG. 3 schematically illustrates a business flow diagram of a login service according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram of a method of generating a threat list for a product according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a flow chart of a method of obtaining a business flow chart for each business function in a product according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a business logic diagram of a product according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a flow chart of a method of threat assessment for each threat risk in a list of threats, in accordance with an embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow chart of a method of calculating a threat score for each threat risk in a list of threats, in accordance with an embodiment of the present disclosure;
FIG. 9 schematically illustrates a flow chart of a method of calculating a threat handling level for each threat risk according to an embodiment of the disclosure;
FIG. 10 schematically illustrates a flow chart of a method of determining a handling policy for handling each threat risk according to an embodiment of the present disclosure;
FIG. 11 schematically illustrates a flow chart of a method of demonstrating threat risk in accordance with an embodiment of the present disclosure;
FIG. 12 schematically illustrates a rose diagram according to an embodiment of the disclosure;
FIG. 13 schematically illustrates a block diagram of a threat risk processing apparatus for a product, in accordance with an embodiment of the present disclosure; and
FIG. 14 schematically illustrates a block diagram of a computer system suitable for the threat risk processing method and apparatus of a product according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
With the development of mobile internet technology, criminals exploit loopholes in business rules and use technical means to carry out promotion abuse ("wool pulling"), fake orders and reputation inflation, data crawling, account theft, misappropriation of information, card theft and fraudulent card use, transaction fraud, fraudulent loan applications and the like, and have even formed an underground ("black") industry chain. These black and grey market fraud attacks cover almost all business scenarios, and given the volume of business interactions every day, how to deal with threat risk in business scenarios is particularly important for service providers.
Based on this, the embodiment of the disclosure provides a threat risk processing method and device for a product. The method comprises the steps of obtaining a business flow diagram of each business function in a plurality of business functions of a product, wherein each business flow diagram comprises a plurality of elements, and each element comprises a plurality of instances; generating a threat list of the product according to each business flow diagram and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list comprises: a plurality of business functions, a plurality of instances in a business flow graph corresponding to each business function, and a plurality of threat risks corresponding to each instance; performing a risk assessment on each of the threat risks in the list of threats to determine a handling policy for handling each of the threat risks.
Fig. 1 schematically illustrates an exemplary system architecture 100 for a threat risk processing method and apparatus for a product to which embodiments of the present disclosure may be applied. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include a terminal device 101, a server 102, and a database 103. A user may use terminal device 101 to interact with server 102 over a network to receive or send messages and the like. The server 102 may be a server that provides various services, and the server 102 may analyze and perform processing on data such as a received user request and feed back a processing result to the terminal apparatus 101. Database 103 may be used to store data such as a threat library that is pre-constructed by users.
For example, a user may draw a business flowchart using terminal device 101 and then send a request to server 102 via terminal device 101 to determine the risk of threat in the business flowchart. The server 102 may determine the threat risk in the business process diagram and generate a threat list to feed back to the terminal device 101 by querying a threat library stored in the database.
For another example, the user may use the terminal device 101 to input one or more items of information for each threat risk in the threat list, such as the recurrence difficulty, the discovery difficulty, the utilization difficulty, the attack technology maturity, the attack technology difficulty, the hazard degree, the potential loss caused by the threat risk, and the asset value of the affected user and product, and then send a request for calculating the threat score of the threat risk to the server 102 through the terminal device 101. The server 102 may calculate the threat score of each threat risk according to this information and feed the threat score back to the terminal device 101.
It should be noted that the threat risk processing method for a product provided by the embodiment of the present disclosure may be generally executed by the server 102. Accordingly, the threat risk processing apparatus for products provided by the embodiments of the present disclosure may be generally disposed in the server 102. The threat risk processing method for the product provided by the embodiment of the disclosure may also be executed by a server or a server cluster which is different from the server 102 and can communicate with the terminal device 101 and/or the server 102. Accordingly, the threat risk processing apparatus for a product provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 102 and is capable of communicating with the terminal device 101 and/or the server 102.
It should be understood that the number of terminal devices 101, servers 102 and databases 103 in fig. 1 is merely illustrative. There may be any number of terminal devices 101, servers 102, and databases 103, as desired for implementation.
FIG. 2 schematically illustrates a flow chart of a threat risk handling method for a product according to an embodiment of the disclosure.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, a business process diagram of each business function of a plurality of business functions of a product is obtained, wherein each business process diagram includes a plurality of elements, and each element includes a plurality of instances.
According to an embodiment of the present disclosure, a product may include a plurality of service functions, and each service function may be a functional module for implementing a different service. For example, the internet financial product may include functional modules for implementing services such as registration, login, personal banking, investment and financing, life payment, account management, money transfer and remittance, balance inquiry, and the like. For each business function, a business flow diagram can be drawn according to the business logic of the business function.
Fig. 3 schematically illustrates a business flow diagram of a login service according to an embodiment of the present disclosure.
As shown in fig. 3, taking the login service of an internet financial product as an example, the business flow diagram may include various elements, for example participant entities, activities, business flows, and data storage entities, with each element represented by a different symbol.
According to an embodiment of the present disclosure, a box may be used in the business flow diagram to represent a participant entity, which represents an external entity participating in the login service. Instances of participant entities may include, for example, terminal devices, OTP (One Time Password) tokens, and the like.
According to the embodiment of the present disclosure, a circle may be used in the business flow diagram to represent an activity in the login service, where an activity represents a single business service or process in the login service. Instances of activities in the login service may include, for example, login authentication, dynamic password authentication, and the like.
According to the embodiment of the present disclosure, a solid arrow may be used in the business flow diagram to represent a business flow in the login service, where a business flow represents the order in which the business logic of the login service moves through the system. For example, login authentication and dynamic password authentication are different activities, and they may be connected by business flows according to the order of their business logic. As shown in fig. 3, according to the business logic, login authentication sends a one-time password to dynamic password authentication, so the arrow of that business flow points to dynamic password authentication. Dynamic password authentication returns an authentication result to login authentication, so the arrow of that business flow points to login authentication.
According to the embodiment of the present disclosure, two parallel lines may be used in the business flow diagram to represent a data storage entity, which represents an internal entity that stores business data of the login service. Instances of data storage entities may include, for example, databases, message queues, files, and the like. In particular, a label may be added between the two parallel lines to indicate whether the data storage entity is a database, a message queue, or a file. As shown in fig. 3, the data storage entity may be a database.
According to embodiments of the present disclosure, the business flow diagram of the login service shown in FIG. 3 may show the processes that drive the system, determine the responses that each process generates and/or sends, identify the source of the business data for each request and response, and identify the recipient of each response.
According to the embodiment of the disclosure, the business flow diagram may further include trusted boundaries, which divide the business flow diagram into a plurality of trusted ranges. A business flow diagram may include a plurality of trusted boundaries arranged from left to right: for example, the area to the left of the leftmost trusted boundary may be one trusted range, the area to the right of the rightmost trusted boundary may be another trusted range, and the area between every two adjacent trusted boundaries may be a trusted range.
As shown in FIG. 3, the range to the left of the first trusted boundary may be a trusted range, the range between the first boundary and the second boundary may be a trusted range, and the range to the right of the second boundary may be a trusted range. Elements within the same trusted range trust each other. For example, the terminal device and the OTP token in fig. 3 are in the same trusted range, and the two trust each other.
According to the embodiment of the disclosure, a trusted boundary may be a position where different instances interact with each other. Since most threat risks involve behavior that crosses a trusted boundary, the trusted boundary is the best position for identifying threat risks. The trusted boundaries can be used to quickly determine the instances in the business flow diagram that require threat analysis. For example, the interacting instances in fig. 3 may be determined to be instances that need threat analysis, and the business flow intersecting the first boundary may also be determined to be an instance that needs threat analysis.
According to the embodiment of the present disclosure, the business flow diagrams of services such as registration, personal banking, investment and financing, life payment, account management, transfer and remittance, and balance inquiry may likewise include multiple elements, each element may include multiple instances, the instances may be connected by business flows according to the order of the business logic, and trusted boundaries may divide the diagram into different trusted ranges; this is not described again here.
According to the embodiment of the disclosure, the business flow diagram is the model produced when the business process is designed, at the business design stage of the development cycle of the product's application system. Because threat risks may first appear in the business process, finding them in the business flow diagram allows potential security hazards to be blocked earlier. Compared with the related art, in which system security is usually improved by security code audits during the development stage or security tests during the test stage, the embodiment of the disclosure uses the business flow diagram to identify threat risks at the initial stage of business design, which can ensure comprehensive risk analysis, avoid system security being greatly reduced or even missing because business security risks were insufficiently considered in the design, and improve system security.
In operation S202, a threat list of the product is generated according to each business flowchart and a threat library, wherein the threat library includes a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list includes: a plurality of business functions, a plurality of instances in the business flow graph corresponding to each business function, and a plurality of threat risks corresponding to each instance.
According to the embodiment of the disclosure, the threat library may be a database which is constructed according to a general business flow diagram and can cover all threat risks in each business of a product, wherein the threat library may further include a corresponding relationship between each element and the threat risk.
According to an embodiment of the present disclosure, the threat repository may further include the category to which each threat risk belongs, and the categories of threat risks may include, for example, one or more of identity fraud, privacy violation, transaction denial, privilege escalation, resource abuse, malicious input, and information disclosure.
Identity fraud means forging, disguising as, or impersonating another person's identity; privacy violation means violating user privacy, such as unauthorized or out-of-scope collection of customer information; transaction denial means denying one's own behavior, that is, claiming not to have done something; privilege escalation means acquiring higher system privileges; resource abuse means arbitrarily occupying system resources; malicious input means inputting information that affects the normal operation of the system or violates laws and regulations; and information disclosure means that sensitive information of a customer or of the system is leaked.
According to an embodiment of the present disclosure, the threat repository may include a correspondence of each element to a threat category that the element faces. The threat repository may include, for example, table 1 below.
Table 1 schematically shows the correspondence of each element with the threat category that the element faces, according to an embodiment of the present disclosure.
TABLE 1
[Table 1 is an image in the original publication and is not reproduced here.]
As shown in table 1, the plurality of threat risk categories corresponding to each element may represent a plurality of threat risks that the element may face, and the symbol "v" is used below the threat risk category corresponding to each element in table 1 to represent the correspondence between each element and the plurality of threat risk categories. Other symbols may be used to represent the correspondence between each element and multiple threat risk categories, and this disclosure is not limited thereto.
As shown in table 1, the types of threat risks facing a participant entity may include identity fraud, transaction denial, and malicious input. For example, a participant may be impersonated, or may repudiate behavior that the participant initiated.
The types of threat risks faced by an activity may include one or more of the following: identity fraud, privacy violation, transaction denial, privilege escalation, resource abuse, malicious input, and information disclosure.
The types of threat risks faced by a business flow may include one or more of: privacy violation, transaction denial, resource abuse, malicious input, and information disclosure.
The types of threat risks faced by a data storage entity may include one or more of: privacy violation, transaction denial, resource abuse, malicious input, and information disclosure.
According to an embodiment of the present disclosure, the threat repository may further include the specific threat risks included in each threat risk category. For example, the threat risk categories faced by a database instance in the login service may include information disclosure, and the specific threat risks of information disclosure may include database information leakage, sensitive information being displayed in clear text, and the like. The threat repository may further include a threat description and an attack method for each specific threat risk. For example, where the specific threat risk is database information leakage, the threat description may be database version leakage, and the attack method may be that the database version is leaked when the database raises an alarm.
According to the embodiment of the disclosure, the threat risk corresponding to each instance in the business process diagram can be searched from the threat library according to the element to which the instance belongs.
According to the embodiment of the disclosure, the business flow diagram and the threat library direct attention, during business design, to the aspects where security problems may exist. Building a threat library abstracts and structures business security threats and determines the threat scope; threats are tracked and updated in tables and lists, and are identified and managed at an early stage of business design. A threat library can also guide software requirement design and security test design, by determining which business security threats the software system may face and designing targeted test cases.
FIG. 4 schematically illustrates a flow diagram of a method of generating a threat list for a product according to an embodiment of the disclosure.
As shown in fig. 4, the method may include operations S401 to S404.
In operation S401, a target instance in each business process diagram is determined, wherein the target instance includes an instance included by the participant entity, an instance included by the activity, an instance included by the data storage entity, and a business flow crossing a trusted boundary in each business process diagram.
According to the embodiment of the disclosure, the target instances that need threat analysis can be quickly determined according to the trusted boundaries in the business flow diagram. As shown in fig. 3, the target instances may include the terminal device and the OTP token in the participant entity, login authentication and dynamic password authentication in the activity, the database in the data storage entity, the business flow crossing the first boundary and the business flow crossing the second boundary.
In operation S402, the element class to which the target instance belongs is determined.
According to the embodiment of the disclosure, the element to which each target instance belongs can be determined according to fig. 3. For example, the terminal device belongs to a participant entity, the login authentication belongs to an activity, and so on.
In operation S403, a plurality of threat risks corresponding to each target instance are determined from the threat repository according to the element class to which the target instance belongs.
According to the embodiment of the disclosure, Table 1 lists the threat risks that a participant entity may face as identity fraud, transaction denial and malicious input, so it may be determined that the threat risks corresponding to the terminal device may include identity fraud, transaction denial and malicious input. Table 1 lists the threat risks that an activity may face as identity fraud, privacy violation, transaction denial, authority elevation, resource abuse, malicious input and information disclosure, so it may be determined that the threat risks corresponding to login authentication may include identity fraud, privacy violation, transaction denial, authority elevation, resource abuse, malicious input and information disclosure. The threat risks corresponding to the other instances are determined in the same way as for the terminal device and login authentication, and are not described again here.
In operation S404, a threat list is generated according to the business function corresponding to each business flowchart, the target instance of each business flowchart, the element to which each target instance belongs, and a plurality of threat risks corresponding to each target instance.
According to the embodiment of the disclosure, for the service flow graph of each service function, the threat risk corresponding to the target instance in the service flow graph can be searched from the threat library, and the threat list can be generated according to the corresponding relation between the target instance of each service function and the threat risk. Each threat risk in the threat list may represent a potential threat to which the current product is exposed. The threat list may also include categories to which each threat risk belongs.
Table 2 schematically shows a list of threats according to an embodiment of the present disclosure.
TABLE 2
Figure BDA0002480143660000121
As shown in Table 2, R1~R30 represent the individual threat risks faced by the current product.
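Operations S401 to S404 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the trusted-range labels, the flows in the login diagram and the threat categories assigned to business flows are assumptions, and a flow is treated as crossing a trusted boundary when its two ends lie in different trusted ranges.

```python
from dataclasses import dataclass, field

# Threat library: element class -> threat risk categories. The participant,
# activity and data-storage entries follow the text above; the business-flow
# entry is a constructed placeholder.
THREAT_LIBRARY = {
    "participant entity": ["identity fraud", "transaction denial", "malicious input"],
    "activity": ["identity fraud", "privacy violation", "transaction denial",
                 "authority elevation", "resource abuse", "malicious input",
                 "information disclosure"],
    "data storage entity": ["privacy violation", "transaction denial",
                            "resource abuse", "malicious input",
                            "information disclosure"],
    "business flow": ["information disclosure", "malicious input"],  # assumed
}


@dataclass(frozen=True)
class Node:
    name: str
    element: str      # element class, a key of THREAT_LIBRARY
    trust_range: str  # trusted range the instance sits in (constructed labels)


@dataclass
class FlowDiagram:
    business_function: str
    nodes: list
    flows: list = field(default_factory=list)  # (source name, destination name)


def target_instances(diagram):
    """S401-S402: every node, plus each flow whose ends lie in different trusted ranges."""
    range_of = {n.name: n.trust_range for n in diagram.nodes}
    targets = [(n.name, n.element) for n in diagram.nodes]
    for src, dst in diagram.flows:
        if range_of[src] != range_of[dst]:  # the flow crosses a trusted boundary
            targets.append((f"{src} -> {dst}", "business flow"))
    return targets


def build_threat_list(diagrams, library=THREAT_LIBRARY):
    """S403-S404: one row per (business function, target instance, threat risk)."""
    rows = []
    for diagram in diagrams:
        for name, element in target_instances(diagram):
            if element not in library:
                raise KeyError(f"threat library has no entry for element class {element!r}")
            for risk in library[element]:
                rows.append({
                    "id": f"R{len(rows) + 1}",
                    "business_function": diagram.business_function,
                    "instance": name,
                    "element": element,
                    "threat_risk": risk,
                })
    return rows


# Constructed login diagram using the instance names from the text.
LOGIN = FlowDiagram(
    business_function="login",
    nodes=[
        Node("terminal device", "participant entity", "user side"),
        Node("OTP token", "participant entity", "user side"),
        Node("login authentication", "activity", "application"),
        Node("dynamic password authentication", "activity", "application"),
        Node("database", "data storage entity", "data"),
    ],
    flows=[
        ("terminal device", "login authentication"),                  # crosses
        ("login authentication", "dynamic password authentication"),  # same range
        ("login authentication", "database"),                         # crosses
    ],
)

if __name__ == "__main__":
    for row in build_threat_list([LOGIN]):
        print(row["id"], row["instance"], "|", row["element"], "|", row["threat_risk"])
```

The flow between the two authentication activities stays inside one trusted range, so it contributes no rows to the list.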
In operation S203, a risk assessment is performed on each of the threat risks in the threat list to determine a handling policy for handling each of the threat risks.
According to the embodiment of the disclosure, for each threat risk in the threat list, a threat risk assessment may be performed from multiple aspects such as the probability of occurrence of the threat risk, economic loss caused by occurrence of the threat risk, and the like, so as to determine a processing strategy for reducing or eliminating the threat risk according to the assessment result.
According to the embodiment of the disclosure, firstly, the business flow diagrams of each business function of the product are obtained, then the threat risks corresponding to each instance in each business flow diagram are obtained from the threat library, the threat list is generated, and further, risk assessment is performed on each threat risk in the threat list so as to determine a processing strategy for processing each threat risk. According to the embodiment of the disclosure, the threat risk in the business flow chart can be automatically determined through the threat library, the risk evaluation is carried out on the threat risk, the processing strategy of the threat risk is determined, the threat risk can be efficiently and accurately identified and processed, and the system security is improved.
FIG. 5 schematically shows a flowchart of a method of obtaining a business flow diagram for each business function in a product according to an embodiment of the disclosure.
As shown in fig. 5, the method may include operations S501 to S502.
In operation S501, a business logic diagram of the product is obtained, where the business logic diagram includes a plurality of business functions of the product.
According to the embodiment of the disclosure, in the development cycle of a product, requirements are initially provided by a demander, and then a business architecture is designed by a designer. And in the stage of providing requirements for the product or designing a service architecture, a service logic diagram of the product can be obtained according to the application scene of the product.
FIG. 6 schematically shows a business logic diagram of a product according to an embodiment of the disclosure.
As shown in fig. 6, the business logic diagram of the product may include services such as registration, login, personal banking, investment and financing, life payment, account management, money transfer remittance, balance inquiry and the like according to the application scenario of the product.
In operation S502, for each of the business functions, a business flow diagram of each of the business functions is generated.
According to the embodiment of the disclosure, for each service function in the service logic diagram, a service flow diagram corresponding to the service function can be generated according to the service logic. For example, a business flow diagram as shown in FIG. 3 may be generated for a login business in a product.
FIG. 7 schematically illustrates a flow chart of a method of threat assessment for each threat risk in a list of threats, in accordance with an embodiment of the present disclosure.
As shown in fig. 7, the method may include operations S701 to S703.
In operation S701, a threat score is calculated for each threat risk in the list of threats.
According to the embodiment of the disclosure, for each threat risk in table 2, the threat risk may be quantified according to the probability of the threat and the severity of the accident caused after the threat occurs, so as to obtain the threat score of the threat.
Fig. 8 schematically illustrates a flow chart of a method of calculating a threat score for each threat risk in a list of threats according to an embodiment of the present disclosure.
As shown in fig. 8, the method may include operations S801 to S803.
In operation S801, an occurrence probability of each threat risk is determined according to one or more of a recurrence difficulty, a discovery difficulty, a utilization difficulty, an attack technology maturity, an attack technology difficulty, and a hazard of each threat risk.
According to the embodiment of the disclosure, the difficulty level of the threat risk can be determined according to the recurrence difficulty, the discovery difficulty and the utilization difficulty of the threat risk. The recurrence difficulty may represent a technical difficulty of recurrence of the threat risk for an attacker, the discovery difficulty may represent a difficulty of discovery of the threat risk for a defender, and the utilization difficulty may represent a difficulty of utilization of the threat risk to cause an accident for the attacker.
According to the embodiment of the disclosure, each of the three indexes of recurrence difficulty, discovery difficulty and utilization difficulty can be expressed as a degree within a range. For example, the recurrence difficulty [0, 4] may indicate that the recurrence difficulty may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the recurrence difficulty. For another example, the discovery difficulty [0, 4] may indicate that the discovery difficulty may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the discovery difficulty. The utilization difficulty [0, 4] may indicate that the utilization difficulty may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the utilization difficulty.
According to the embodiment of the present disclosure, the difficulty level of the threat risk may be represented by the letter T, and difficulty levels of different degrees may be represented by T [0, 4], where the greater the degree value, the more difficult the threat risk is. The difficulty level of the threat risk may be expressed by the following formula (one):
Figure BDA0002480143660000141
According to the embodiment of the disclosure, the attack factor of the threat risk can be determined according to the attack technology maturity, the attack technology difficulty and the hazard degree of the threat risk. The attack technology maturity may indicate whether an attack method for the threat risk is mature, the attack technology difficulty may indicate the technical requirements of the attack method for the threat risk, and the hazard degree may indicate the size of the loss caused by the threat risk.
According to the embodiment of the disclosure, each of the three indexes of attack technology maturity, attack technology difficulty and hazard degree can also be expressed as a degree within a range. For example, the attack technology maturity [0, 4] may indicate that the attack technology maturity may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the attack technology maturity. The attack technology difficulty [0, 4] may indicate that the attack technology difficulty may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the attack technology difficulty. The hazard degree [0, 4] may indicate that the hazard degree may take the five degree values 0, 1, 2, 3, 4, and the greater the degree value, the higher the hazard degree.
According to the embodiment of the present disclosure, the attack factor of the threat risk may be represented by the letter A, and attack factors of different degrees may be represented by A [0, 4], where the greater the degree value, the greater the attack factor. The attack factor of the threat risk may be expressed by the following formula (two):
Figure BDA0002480143660000151
According to the embodiment of the present disclosure, the probability of occurrence of the threat risk may be represented by the letter P, and probabilities of different degrees may be represented by P [0, 4], where the greater the degree value, the greater the probability of occurrence of the threat risk. The probability of occurrence of the threat risk may be expressed by the following formula (three):
Figure BDA0002480143660000152
In operation S802, the severity of the accident caused by each threat risk is determined according to one or more of the potential loss caused by each threat risk, the affected users of each threat risk, and the asset value of the product.
According to the embodiment of the disclosure, the potential loss caused by the threat risk can be determined according to whether other products with the same service function as the current product face the same threat risk. The indicator of the potential loss caused by the threat risk may also be represented by a range, for example, the potential loss [0, 4] may represent that the potential loss may have five degrees of 0, 1, 2, 3, 4, and the greater the value of the degree, the higher the potential loss.
According to embodiments of the present disclosure, affected users of the threat risk may be determined according to audience users of the product. The core degree and the user amount of the affected user can be represented by a degree range, for example, the affected user [0, 4] can represent that the affected user has five degrees of 0, 1, 2, 3, 4, and the larger the degree value, the higher the core degree or the larger the number of the affected users.
According to the embodiment of the disclosure, the size of the asset value of the product can be represented by a range of degrees, for example, the asset value [0, 4] can represent that the asset value of the product can have five degrees of 0, 1, 2, 3, 4, and the greater the degree value, the higher the asset value of the product.
According to the embodiment of the present disclosure, the severity of the accident caused by the occurrence of the threat risk may be represented by the letter D, and severities of different degrees may be represented by D [0, 4], where the greater the degree value, the higher the severity of the accident. The severity of the accident caused by the occurrence of the threat risk may be expressed by the following formula (four):
Figure BDA0002480143660000161
In operation S803, a threat score for each threat risk is calculated according to the occurrence probability of each threat risk and the severity of the accident caused by each threat risk.
According to an embodiment of the present disclosure, the threat score of a threat risk is represented by the letter Q, and threat scores of different degrees are represented by Q [0, 16], where the greater the degree value, the higher the threat score. The threat score Q may be expressed by the following formula (five):
Q [0, 16] = P [0, 4] × D [0, 4]    formula (five)
When the degree value of the threat score Q is 0, it indicates that the threat risk can be ignored, and when the degree value of the threat score Q is 16, it indicates that the threat risk needs to be processed with emphasis.
According to an embodiment of the disclosure, taking threat risk R5 in Table 2 as an example, the following may be set for the threat risk: recurrence difficulty [0, 4] = 1, discovery difficulty [0, 4] = 1, utilization difficulty [0, 4] = 1, attack technology maturity [0, 4] = 3, attack technology difficulty [0, 4] = 3, hazard degree [0, 4] = 3, potential loss [0, 4] = 3, affected user [0, 4], asset value [0, 4] = 1. According to the above formulas, the threat score of threat risk R5 is Q [0, 16] = 4.62.
In operation S702, a threat handling level for each threat risk is calculated based on the threat score for each threat risk and the weight of the business function corresponding to each threat risk.
According to the embodiment of the disclosure, after each threat risk in Table 2 is quantified, the business function corresponding to each threat risk may be determined according to Table 2. For example, the business function corresponding to threat risks R1~R30 is the login service.
According to the embodiment of the disclosure, each business function in the product is provided with a corresponding weight, and the product of the threat score of the threat risk and the weight of the business function corresponding to the threat risk can be adopted to represent the threat processing level of the threat risk.
In operation S703, a handling policy for handling each threat risk is determined according to the threat handling level of each threat risk.
According to the embodiment of the disclosure, for the threat processing level of each threat risk, the cost for adopting the corresponding processing strategy can be calculated, the control strength after adopting the corresponding processing strategy is evaluated, and the processing strategy for each threat risk is comprehensively determined so as to reduce or eliminate the threat risk according to the processing strategy. The control intensity after the corresponding processing strategy is adopted can be determined according to the probability and frequency of recurrence of each threat risk after each processing strategy is adopted and the loss range caused by the recurrence.
FIG. 9 schematically illustrates a flow chart of a method of calculating a threat handling level for each threat risk according to an embodiment of the disclosure.
As shown in fig. 9, the method may include operations S901 to S903.
In operation S901, a business logic diagram of a product is obtained, where the business logic diagram includes a plurality of business functions of the product.
Following the above example, the business logic diagram of the product is shown in FIG. 6. In the order of the business logic, a service that comes earlier is a front-end service, and a service that comes later is a back-end service. For example, as shown in fig. 6, the registration service is a front-end service of all other services in the logic diagram, the login service is a back-end service of the registration service, and the login service is at the same time a front-end service of the personal banking service, the life payment service, and the account management service.
In operation S902, a weight of each of the plurality of business functions is determined according to a logical order of the plurality of business functions in the business logic diagram.
According to the embodiment of the disclosure, a weight can be set for each service in turn according to the front-to-back order of the business logic. Specifically, a back-end service can only be performed after its front-end service has been performed, so the front-end service is more widely exposed and more likely to be attacked; the more services for which a service is the front-end service, the greater the weight of that service. As shown in the business logic diagram of fig. 6, the weight of the registration service is the largest, and the weights of the other services decrease in turn. For example, W represents a weight, the weight of the registration service may be set to W4, the weight of the login service may be set to W3, the weights of the personal banking service and the account management service may be set to W2, and the weights of the investment finance service, the money transfer service, and the balance inquiry service may be set to W1.
In operation S903, a threat processing level of each threat risk is calculated according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
According to an embodiment of the disclosure, following the above example, R1~R30 in the threat list all belong to the threat risks of the login service, and the threat handling level of each threat risk in R1~R30 may be the product of the threat score of that threat risk and the weight of the login service.
FIG. 10 schematically illustrates a flow chart of a method of determining a handling policy for handling each threat risk according to an embodiment of the disclosure.
As shown in fig. 10, the method may include operations S1001 to S1003.
In operation S1001, for each threat risk, a cost of adopting each processing strategy is calculated.
According to the embodiment of the disclosure, the cost required for adopting each processing measure can be calculated for each threat risk so as to provide reference for enterprise budget and final decision.
In operation S1002, the control strength of each process strategy is determined according to the probability and frequency of recurrence of each threat risk after each process strategy is adopted and the range of loss caused after the recurrence.
According to the embodiment of the disclosure, for each threat risk, the probability of recurrence of the threat risk and the frequency of recurrence of the threat risk after each treatment measure is adopted can be evaluated, the maximum loss and the minimum loss caused by the threat risk can be estimated according to the probability and the frequency of recurrence of the threat risk, and the control strength corresponding to each treatment strategy adopted by the threat risk is determined according to the probability of recurrence of the threat risk, the frequency of recurrence and the range of possible losses after each treatment measure is adopted by the threat risk.
In operation S1003, an optimal process policy is determined according to the threat process level of each threat risk, the cost of each process policy, and the control strength of each process policy.
According to the embodiment of the disclosure, for each threat risk, according to the threat treatment level of the threat risk, the cost of each treatment measure taken and the control strength corresponding to each treatment measure taken, the optimal treatment strategy taken for the threat risk can be comprehensively determined.
FIG. 11 schematically illustrates a flow chart of a method of demonstrating threat risk in accordance with an embodiment of the present disclosure.
As shown in fig. 11, the method may include operations S1101 to S1103.
In operation S1101, a level of each threat risk is determined according to the threat score of each threat risk.
According to the embodiment of the present disclosure, after the threat score Q [0, 16] of each threat risk is calculated in operation S203, the score Q [0, 16] of each threat risk may be divided into three score intervals [0, 5], [6, 11], [12, 16], and according to the score interval in which the threat score of each threat risk is located, the level of the threat risk may be determined. Specifically, the threat risk with the threat score in the score interval [0, 5] can determine that the threat risk is low-risk, the threat risk with the threat score in the score interval [6, 11] can determine that the threat risk is medium-risk, and the threat risk with the threat score in the score interval [12, 16] can determine that the threat risk is high-risk.
In operation S1102, each threat risk is classified according to the business function, so as to obtain a threat risk of each business function.
According to an embodiment of the present disclosure, the threat risks can be classified and aggregated according to the business function corresponding to each threat risk in the threat list. For example, threat risks R1~R30 all correspond to the login service, so threat risks R1~R30 can be classified as threat risks of the login service.
In operation S1103, the threat risk of each service function and the different levels of the threat risk of each service function are displayed in a manner of a rose diagram, where the rose diagram includes a plurality of sectors, each sector is used for representing the service function corresponding to each sector, each sector includes different identifiers, the different identifiers are used for representing the different levels of the threat risk, and an area occupied by each identifier in the different identifiers is used for representing the number of the threat risks of the level corresponding to each identifier.
Fig. 12 schematically illustrates a rose diagram according to an embodiment of the disclosure.
As shown in fig. 12, the rose diagram includes a plurality of sectors, each sector corresponds to a service function, the angles of the sectors may be the same, and the threat risks of each service function are aggregated into the sector corresponding to that service function. The relative threat risks of different business functions can be seen in FIG. 12.
According to the embodiment of the present disclosure, different symbols may be used to represent different levels of risk, as shown in fig. 12, a triangle may represent a threat risk level of high risk, a circle may represent a threat risk level of medium risk, and a box may represent a threat risk level of low risk. Different colors may also be used to represent different levels of risk, which is not limited by this disclosure.
According to the embodiment of the disclosure, for each sector, the area occupied by all the identifiers in the sector is proportional to the number of threat risks belonging to the sector. The number of threat risks of each business function can be intuitively reflected according to the size of the area occupied by all the identifiers in each sector.
Further, for each marker in each sector, the area occupied by the marker is proportional to the number of threat risks represented by the marker. For example, in a sector corresponding to the login service, the area occupied by a triangle is in direct proportion to the number of high-risk threat risks in the login service, the area occupied by a circle is in direct proportion to the number of medium-risk threat risks in the login service, and the area occupied by a square frame is in direct proportion to the number of low-risk threat risks in the login service. The number of threat risks of each level in each sector can be intuitively reflected according to the area occupied by each identifier in each sector.
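The scoring chain of operations S803, S903 and S1101 to S1103 can be sketched as follows. This is an added example, not code from the patent: P and D are taken as inputs because formulas (three) and (four) are not reproduced in the text, the numeric weights and the sample threats are constructed, and because Q can be fractional while the stated intervals are [0, 5], [6, 11] and [12, 16], the cut-offs Q < 6 and Q < 12 are an assumption.

```python
from collections import Counter, defaultdict

# Weights by position in the business logic diagram. The numeric values are
# assumed for illustration: earlier (front-end) services weigh more.
WEIGHTS = {"registration": 4, "login": 3, "account management": 2,
           "balance inquiry": 1}


def threat_score(p, d):
    """Formula (five): Q = P x D, with P and D each in [0, 4]."""
    for label, value in (("P", p), ("D", d)):
        if not 0 <= value <= 4:
            raise ValueError(f"{label} must lie in [0, 4], got {value}")
    return p * d


def risk_level(q):
    """Map Q to a level. Scores such as 5.5 fall between the stated integer
    intervals, so the lower bound of the next interval is used as the cut
    (assumption)."""
    if not 0 <= q <= 16:
        raise ValueError(f"Q must lie in [0, 16], got {q}")
    if q < 6:
        return "low"
    if q < 12:
        return "medium"
    return "high"


def handling_level(q, business_function, weights=WEIGHTS):
    """Threat handling level: threat score times the business function's weight."""
    return q * weights[business_function]


def assess(threats, weights=WEIGHTS):
    """Score every threat, rank by handling level, and count levels per
    business function (the per-sector counts a rose diagram would draw)."""
    rows = []
    sectors = defaultdict(Counter)
    for t in threats:
        q = threat_score(t["P"], t["D"])
        level = risk_level(q)
        rows.append({**t, "Q": q, "level": level,
                     "handling_level": handling_level(q, t["business_function"], weights)})
        sectors[t["business_function"]][level] += 1
    rows.sort(key=lambda r: r["handling_level"], reverse=True)
    return rows, {name: dict(counts) for name, counts in sectors.items()}


# Constructed sample threats; the ids are placeholders, not the R-numbers of Table 2.
SAMPLE = [
    {"id": "X1", "business_function": "login", "P": 4.0, "D": 3.5},
    {"id": "X2", "business_function": "login", "P": 2.75, "D": 2.0},
    {"id": "X3", "business_function": "login", "P": 3.0, "D": 2.5},
    {"id": "X4", "business_function": "registration", "P": 1.5, "D": 2.0},
    {"id": "X5", "business_function": "balance inquiry", "P": 4.0, "D": 4.0},
]

if __name__ == "__main__":
    ranked, per_sector = assess(SAMPLE)
    for r in ranked:
        print(r["id"], r["business_function"], r["Q"], r["level"], r["handling_level"])
    print(per_sector)
```

In the constructed sample, X5 has the maximum score of 16 but sits on the lowest-weight service, so its handling level (16) ranks below X2, a low-risk threat on the login service (16.5).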
According to the embodiment of the present disclosure, after determining the processing policy for processing each threat risk in operation S203, the method further includes: generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each threat risk, a level of each threat risk, a description of each said threat risk, and a handling policy for each threat risk.
Table 3 schematically illustrates a threat risk report according to an embodiment of the disclosure.
TABLE 3
Figure BDA0002480143660000201
According to an embodiment of the disclosure, each threat risk, each category of threat risk, a description of each threat risk, a level of each threat risk, a handling policy of each threat risk, and a level of the handling policy may be included in the threat risk assessment report.
In particular, different processing strategies may be adopted for different threat risks. For example, some threats cannot be eradicated; for these risks, the chance of the threat occurring may be reduced, or the threshold for the threat occurring may be raised. For another example, some threats, although present, have a low probability of occurrence and cause little harm once they occur; acceptance may be selected for such threats. Based on this, the level of the processing policy may include avoidance, transfer, mitigation, and acceptance.
FIG. 13 schematically illustrates a block diagram of a threat risk processing apparatus for a product, in accordance with an embodiment of the present disclosure.
As shown in fig. 13, the threat risk processing apparatus 1300 for a product includes an acquisition module 1301, a first generation module 1302, and an evaluation module 1303.
The obtaining module 1301 is configured to obtain a business process flow of each business function in a plurality of business functions of a product, where each business process flow includes a plurality of elements, and each element includes a plurality of instances.
The first generating module 1302 is configured to generate a threat list of a product according to each business flowchart and a threat library, wherein the threat library includes a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list includes: a plurality of business functions, a plurality of instances in the business flow graph corresponding to each business function, and a plurality of threat risks corresponding to each instance.
The evaluation module 1303 is configured to perform a risk evaluation on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks.
According to an embodiment of the present disclosure, the plurality of elements include a participant entity, an activity, a business flow, and a data storage entity, and the business flow graph further includes a trusted boundary, and the trusted boundary is used to divide the business flow graph into a plurality of trusted ranges.
The first generation module 1302 includes: a first determining unit, a second determining unit, a third determining unit and a first generating unit.
The first determining unit is used for determining a target instance in each business flow diagram, wherein the target instance comprises an instance included by a participant entity, an instance included by an activity, an instance included by a data storage entity and a business flow crossing a trusted boundary in each business flow diagram.
The second determination unit is used for determining the element type to which the target instance belongs.
The third determining unit is used for determining a plurality of threat risks corresponding to each target instance from the threat library according to the element types to which the target instances belong.
The first generating unit is used for generating a threat list according to the business function corresponding to each business flow chart, the target instance of each business flow chart, the element to which each target instance belongs and a plurality of threat risks corresponding to each target instance.
According to the embodiment of the present disclosure, the evaluation module 1303 includes: a first calculating unit, a second calculating unit and a fourth determining unit.
The first computing unit is used for computing a threat score of each threat risk in the threat list.
The second calculation unit is used for calculating the threat processing level of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
The fourth determining unit is used for determining a processing strategy for processing each threat risk according to the threat processing level of each threat risk.
According to an embodiment of the present disclosure, the first calculation unit includes a first determination subunit, a second determination subunit, and a first calculation subunit.
The first determining subunit is used for determining the occurrence probability of each threat risk according to one or more of the recurrence difficulty, the discovery difficulty, the utilization difficulty, the attack technology maturity, the attack technology difficulty and the hazard degree of each threat risk.
The second determining subunit is used for determining the severity of the accident caused by each threat risk according to one or more of the potential loss caused by each threat risk, and the asset value of the affected users and products of each threat risk.
The first computing subunit is used for computing the threat score of each threat risk according to the occurrence probability of each threat risk and the severity of the accident caused by each threat risk.
According to an embodiment of the present disclosure, the second calculation unit includes an acquisition subunit, a third determination subunit, and a second calculation subunit.
The obtaining subunit is configured to obtain a business logic diagram of the product, where the business logic diagram includes a plurality of business functions of the product.
The third determining subunit is configured to determine a weight of each of the plurality of business functions according to a logic order of the plurality of business functions in the business logic diagram.
The second calculation subunit is used for calculating the threat processing level of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
According to an embodiment of the present disclosure, the fourth determination unit includes: a third calculation subunit, a fourth determination subunit and a fifth determination subunit.
The third computing subunit is configured to compute, for each threat risk, a cost of adopting each of the processing strategies.
The fourth determining subunit is used for determining the control strength of each processing strategy according to the probability and frequency of recurrence of each threat risk after each processing strategy is adopted and the loss range caused after the recurrence.
The fifth determining subunit is configured to determine an optimal processing strategy according to the threat processing level of each threat risk, the cost of each processing strategy, and the control strength of each processing strategy.
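The scoring, weighting and strategy-selection units described above can be sketched as follows. This is an added example, not code from the patent: the integer rating scales, the mean-times-mean score, the order-based weights, the P1-P3 thresholds, the control-strength formula and all sample data are assumptions, since the text names the inputs to each step but not the arithmetic.

```python
from dataclasses import dataclass

# Assumed throughout: every factor is rated on an integer scale, and the
# formulas and thresholds are illustrative. The text names inputs, not arithmetic.

@dataclass(frozen=True)
class Threat:
    name: str
    business_function: str
    likelihood: dict  # 1-5 each: reproducibility, discoverability, ...
    severity: dict    # 1-5 each: potential loss, affected users, asset value

@dataclass(frozen=True)
class Strategy:
    name: str
    cost: int               # relative cost of adopting the strategy
    recur_probability: int  # 0-5, chance of recurrence after adoption
    recur_frequency: int    # 0-5, how often it would recur
    recur_loss: int         # 0-5, loss range if it does recur

    @property
    def control_strength(self) -> int:
        # Assumed formula: 15 = nothing left over, 0 = no control at all.
        return 15 - (self.recur_probability + self.recur_frequency + self.recur_loss)

def threat_score(t: Threat) -> float:
    """Occurrence probability times severity, each the mean of its factors."""
    probability = sum(t.likelihood.values()) / len(t.likelihood)
    severity = sum(t.severity.values()) / len(t.severity)
    return probability * severity  # range 1-25

def function_weights(logic_order: list) -> dict:
    """Assumed rule: a function earlier in the business logic diagram gates
    the later ones, so it weighs more (first of n gets 1.0, last gets 1/n)."""
    n = len(logic_order)
    return {name: (n - i) / n for i, name in enumerate(logic_order)}

def handling_level(t: Threat, weights: dict) -> str:
    if t.business_function not in weights:
        raise ValueError(f"{t.business_function!r} is not in the logic diagram")
    weighted = threat_score(t) * weights[t.business_function]
    if weighted >= 15:
        return "P1"
    return "P2" if weighted >= 8 else "P3"

REQUIRED_STRENGTH = {"P1": 12, "P2": 8, "P3": 0}  # assumed thresholds

def choose_strategy(level: str, candidates: list) -> Strategy:
    """Cheapest candidate strong enough for the level; if none qualifies,
    the strongest one available (cheapest on a tie)."""
    adequate = [s for s in candidates
                if s.control_strength >= REQUIRED_STRENGTH[level]]
    if adequate:
        return min(adequate, key=lambda s: (s.cost, -s.control_strength))
    return max(candidates, key=lambda s: (s.control_strength, -s.cost))

def plan(threats: list, logic_order: list, catalog: list) -> dict:
    weights = function_weights(logic_order)
    result = {}
    for t in threats:
        level = handling_level(t, weights)
        result[t.name] = (level, choose_strategy(level, catalog).name)
    return result

# Constructed sample data for a hypothetical banking product.
LOGIC_ORDER = ["login", "transfer", "statement"]
THREATS = [
    Threat("spoofed login", "login",
           {"reproducibility": 5, "discoverability": 4,
            "exploitability": 4, "technique_maturity": 5},
           {"potential_loss": 4, "affected_users": 4, "asset_value": 4}),
    Threat("tampered transfer amount", "transfer",
           {"reproducibility": 3, "discoverability": 2,
            "exploitability": 3, "technique_maturity": 4},
           {"potential_loss": 5, "affected_users": 5, "asset_value": 5}),
    Threat("statement data disclosure", "statement",
           {"reproducibility": 2, "discoverability": 2,
            "exploitability": 2, "technique_maturity": 2},
           {"potential_loss": 2, "affected_users": 3, "asset_value": 1}),
]
CATALOG = [
    Strategy("accept", 0, 5, 5, 5),    # strength 0
    Strategy("monitor", 2, 3, 2, 2),   # strength 8
    Strategy("mitigate", 5, 1, 1, 1),  # strength 12
    Strategy("redesign", 9, 0, 1, 0),  # strength 14
]

if __name__ == "__main__":
    for name, (level, strategy) in plan(THREATS, LOGIC_ORDER, CATALOG).items():
        print(f"{name}: {level} -> {strategy}")
```

The same raw score lands in a lower handling level when the threat sits on a function late in the logic order, which is the effect the business-function weight is meant to have.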
According to an embodiment of the present disclosure, the threat risk processing apparatus 1300 for a product further includes a second determining module, a classifying module and a display module.
The second determining module is used for determining a level of each threat risk based on the threat score of each threat risk.
The classifying module is used for classifying each threat risk according to business function to obtain the threat risks of each business function.
The display module is used for displaying the threat risks of each business function, and the different levels of those threat risks, as a rose diagram. The rose diagram comprises a plurality of sectors, and each sector represents the business function corresponding to it. Each sector contains different markers, the different markers represent threat risks at different levels, and the area occupied by each marker represents the number of threat risks at the level corresponding to that marker.
According to an embodiment of the present disclosure, the threat risk processing apparatus 1300 for a product further includes: a second generating module for generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each threat risk, a level of each threat risk, a description of each said threat risk, and a handling policy for each threat risk.
According to the embodiment of the present disclosure, the obtaining module 1301 includes an obtaining unit and a second generating unit.
The obtaining unit is configured to obtain a business logic diagram of the product, where the business logic diagram includes a plurality of business functions of the product.
The second generating unit is used for generating, for each business function, a business flow chart of that business function.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the obtaining module 1301, the first generating module 1302 and the evaluating module 1303 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the obtaining module 1301, the first generating module 1302, and the evaluating module 1303 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the obtaining module 1301, the first generating module 1302 and the evaluating module 1303 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
It should be noted that the threat risk processing apparatus for a product in the embodiments of the present disclosure corresponds to the threat risk processing method for a product in the embodiments of the present disclosure. For details of the apparatus, refer to the description of the data processing method part, which is not repeated here.
FIG. 14 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure. The computer system illustrated in FIG. 14 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in FIG. 14, a computer system 1400 according to an embodiment of the present disclosure includes a processor 1401, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1402 or a program loaded from a storage portion 1408 into a Random Access Memory (RAM) 1403. Processor 1401 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1401 may also include onboard memory for caching purposes. Processor 1401 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the present disclosure.
In the RAM 1403, various programs and data necessary for the operation of the system 1400 are stored. The processor 1401, the ROM 1402, and the RAM 1403 are connected to each other by a bus 1404. The processor 1401 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1402 and/or the RAM 1403. Note that the programs may also be stored in one or more memories other than ROM 1402 and RAM 1403. The processor 1401 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, system 1400 may also include an input/output (I/O) interface 1405, which is also connected to bus 1404. The system 1400 may also include one or more of the following components connected to the I/O interface 1405: an input portion 1406 including a keyboard, a mouse, and the like; an output portion 1407 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker and the like; a storage portion 1408 including a hard disk and the like; and a communication portion 1409 including a network interface card such as a LAN card, a modem, or the like. The communication portion 1409 performs communication processing via a network such as the internet. A drive 1410 is also connected to the I/O interface 1405 as necessary. A removable medium 1411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1410 as necessary, so that a computer program read out therefrom is installed into the storage portion 1408 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1409 and/or installed from the removable medium 1411. The computer program, when executed by the processor 1401, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include one or more memories other than ROM 1402 and/or RAM 1403 and/or ROM 1402 and RAM 1403 described above.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present disclosure can be combined and/or incorporated in various ways, even if such combinations or incorporations are not expressly recited in the present disclosure. In particular, the features recited in the various embodiments and/or claims of the present disclosure may be combined and/or incorporated in various ways without departing from the spirit or teaching of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (12)

1. A threat risk processing method for a product, comprising:
obtaining a business flow diagram of each business function in a plurality of business functions of the product, wherein each business flow diagram comprises a plurality of elements, and each element comprises a plurality of instances;
generating a threat list for the product from each of the business process graphs and a threat library, wherein the threat library includes a plurality of the elements and a plurality of threat risks corresponding to each of the elements, the threat list including: a plurality of said business functions, a plurality of instances in a business process diagram corresponding to each said business function, and a plurality of threat risks corresponding to each said instance;
performing a risk assessment on each of the threat risks in the list of threats to determine a handling policy for handling each of the threat risks.
2. The method of claim 1, wherein obtaining a business flow graph for each of a plurality of business functions of the product comprises:
acquiring a business logic diagram of the product, wherein the business logic diagram comprises a plurality of business functions of the product;
and generating, for each business function, a business flow chart of that business function.
3. The method of any of claims 1-2, wherein the plurality of elements includes participant entities, activities, business flows, and data storage entities, the business process graph further includes a trust boundary for dividing the business process graph into a plurality of trust ranges;
the generating a threat list for the product from each of the business process graphs and the threat repository comprises:
determining a target instance in each of the business process graphs, wherein the target instance comprises an instance comprised by the participant entity, an instance comprised by the activity, an instance comprised by the data storage entity, and a business flow that spans the trusted boundary in each of the business process graphs;
determining the element type to which the target instance belongs;
determining a plurality of threat risks corresponding to each target instance from the threat library according to the element types to which the target instances belong; and
generating the threat list according to the business function corresponding to each business flow chart, the target instance of each business flow chart, the element to which each target instance belongs and a plurality of threat risks corresponding to each target instance.
4. The method of any of claims 1-3, wherein the threat assessment of each of the threat risks in the list of threats to determine a handling policy for handling each of the threat risks comprises:
calculating a threat score for each of the threat risks in the list of threats;
calculating a threat handling level of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk; and
determining a handling strategy for handling each of the threat risks according to the threat handling level of each of the threat risks.
5. The method of claim 4, wherein the calculating a threat score for each of the threat risks in the list of threats comprises:
determining the occurrence probability of each threat risk according to one or more of the reproduction difficulty, the discovery difficulty, the exploitation difficulty, the attack technology maturity, the attack technology difficulty and the hazard degree of each threat risk;
determining a severity of an incident resulting from each of said threat risks from one or more of a potential loss resulting from each of said threat risks, an asset value of an affected user and said product of each of said threat risks; and
calculating a threat score for each of the threat risks based on the probability of occurrence of each of the threat risks and the severity of the accident caused by each of the threat risks.
6. The method of claim 4, wherein said calculating a threat handling level for each said threat risk from a threat score for each said threat risk and a weight for a business function corresponding to each said threat risk comprises:
acquiring a business logic diagram of the product, wherein the business logic diagram comprises a plurality of business functions of the product;
determining the weight of each business function in the plurality of business functions according to the logic sequence of the plurality of business functions in the business logic diagram; and
calculating the threat handling level of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
7. The method of claim 4, wherein the determining a handling policy for handling each of the threat risks according to the threat handling level for each of the threat risks comprises:
calculating, for each of the threat risks, a cost of adopting each of the processing strategies;
determining the control strength of each processing strategy according to the probability and frequency of recurrence of each threat risk after each processing strategy is adopted and the loss range caused by the recurrence; and
determining an optimal processing strategy according to the threat handling level of each threat risk, the cost of each processing strategy and the control strength of each processing strategy.
8. The method of claim 4, further comprising, after calculating a threat score for each of the threat risks in the list of threats:
determining a level of each of the threat risks from the threat scores for each of the threat risks;
classifying each threat risk according to business function to obtain the threat risks of each business function; and
displaying the threat risks of each business function, and the different levels of those threat risks, as a rose diagram, wherein the rose diagram comprises a plurality of sectors, each sector represents the business function corresponding to it, each sector contains different markers, the different markers represent threat risks at different levels, and the area occupied by each marker represents the number of threat risks at the level corresponding to that marker.
9. The method of claim 8, further comprising, after determining a handling policy for handling each of the threat risks:
generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each said threat risk, a level of each said threat risk, a description of each said threat risk, and a handling policy for each said threat risk.
10. A threat risk processing apparatus for a product, comprising:
an obtaining module, configured to obtain a business process flow diagram of each business function in a plurality of business functions of the product, where each business process flow diagram includes a plurality of elements, and each element includes a plurality of instances;
a first generating module configured to generate a threat list for the product according to each of the business process diagrams and a threat library, wherein the threat library includes a plurality of the elements and a plurality of threat risks corresponding to each of the elements, and the threat list includes: a plurality of said business functions, a plurality of instances in a business process diagram corresponding to each said business function, and a plurality of threat risks corresponding to each said instance; and
an evaluation module for performing a risk evaluation on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks.
11. A computer system, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 9.
CN202010379490.6A 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system and medium Pending CN111563254A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010379490.6A CN111563254A (en) 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system and medium

Publications (1)

Publication Number Publication Date
CN111563254A (en) 2020-08-21

Family

ID=72074563

Country Status (1)

Country Link
CN (1) CN111563254A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination