CN111563254B - Threat risk processing method and apparatus for product, computer system, and medium - Google Patents


Publication number
CN111563254B
Authority
CN
China
Prior art keywords
threat
risk
business
risks
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010379490.6A
Other languages
Chinese (zh)
Other versions
CN111563254A (en
Inventor
刘婉娇
徐雅静
周芙蓉
叶红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010379490.6A priority Critical patent/CN111563254B/en
Publication of CN111563254A publication Critical patent/CN111563254A/en
Application granted granted Critical
Publication of CN111563254B publication Critical patent/CN111563254B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing


Abstract

The present disclosure provides a threat risk processing method for a product, comprising: acquiring a business flow chart of each business function in a plurality of business functions of a product, wherein each business flow chart comprises a plurality of elements, and each element comprises a plurality of instances; generating a threat list of the product according to each business flow chart and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element; and performing a risk assessment on each threat risk in the threat list to determine a processing policy for processing each threat risk. The present disclosure also provides a threat risk processing apparatus, a computer system, and a storage medium for a product.

Description

Threat risk processing method and apparatus for product, computer system, and medium
Technical Field
The present disclosure relates to the field of computer technology, and more particularly, to a threat risk processing method and apparatus for a product, a computer system, and a storage medium.
Background
The development of the Internet has brought convenience to people's lives, but it has also brought security risks. With the development of mobile Internet technology, lawbreakers exploit business-rule loopholes and technical means to carry out various fraudulent attacks, so that business threat risks have become a problem that cannot be ignored in any industry worldwide.
At present, threat risks in a business are generally identified by manual experience and processed by technical experience, so both the identification and the processing of threat risks are inefficient and inaccurate.
Disclosure of Invention
In view of this, the present disclosure provides a threat risk processing method and apparatus, a computer system, and a storage medium for a product.
One aspect of the present disclosure provides a threat risk processing method applied to a product, comprising: acquiring a business flow chart of each business function in a plurality of business functions of the product, wherein each business flow chart comprises a plurality of elements, and each element comprises a plurality of instances; generating a threat list of the product according to each business flow chart and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list comprises: a plurality of business functions, a plurality of instances in a business flow chart corresponding to each business function, and a plurality of threat risks corresponding to each instance; and carrying out threat assessment on each threat risk in the threat list to determine a processing strategy for processing each threat risk.
Another aspect of the present disclosure provides a threat risk processing apparatus for a product, comprising: an acquisition module, configured to acquire a business flow chart of each business function of a plurality of business functions of the product, where each business flow chart includes a plurality of elements, and each element includes a plurality of instances; a first generating module, configured to generate a threat list of the product according to each of the business flow diagrams and a threat library, where the threat library includes a plurality of elements and a plurality of threat risks corresponding to each of the elements, and the threat list includes: a plurality of business functions, a plurality of instances in a business flow chart corresponding to each business function, and a plurality of threat risks corresponding to each instance; and the evaluation module is used for carrying out risk evaluation on each threat risk in the threat list so as to determine a processing strategy for processing each threat risk.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, are configured to implement a method as described above.
Another aspect of the present disclosure provides a computer program comprising computer executable instructions which when executed are for implementing a method as described above.
Another aspect of the present disclosure provides a computer system comprising: one or more processors; and a storage means for storing one or more programs, which when executed by the one or more processors cause the one or more processors to implement the methods as described above.
According to the embodiments of the disclosure, a business flow chart of each business function of a product is acquired, the threat risks corresponding to each instance in each business flow chart are obtained from a threat library to generate a threat list, and a risk assessment is performed on each threat risk in the threat list to determine a processing strategy for processing each threat risk. Because the threat risks in the business flow chart are determined automatically through the threat library, and the processing strategy is determined through risk assessment of those threat risks, the technical problems of low efficiency and low accuracy caused by manually identifying and processing threat risks in the related art are at least partially overcome, and the technical effect of identifying and processing threat risks efficiently and accurately is achieved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
FIG. 1 schematically illustrates an exemplary system architecture to which threat risk processing methods and apparatus for a product of embodiments of the present disclosure may be applied;
FIG. 2 schematically illustrates a flow chart of a threat risk processing method for a product to which embodiments of the present disclosure may be applied;
FIG. 3 schematically illustrates a business flow diagram of a login business according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method of generating a threat list for a product in accordance with an embodiment of the disclosure;
FIG. 5 schematically illustrates a flow chart of a method of obtaining a business flow chart for each business function in a product according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a business logic diagram of a product according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart of a method of threat assessment for each threat risk in a threat list in accordance with an embodiment of the disclosure;
FIG. 8 schematically illustrates a flowchart of a method of calculating threat scores for each threat risk in a threat list in accordance with an embodiment of the disclosure;
FIG. 9 schematically illustrates a flowchart of a method of calculating threat processing levels for each threat risk in accordance with an embodiment of the disclosure;
FIG. 10 schematically illustrates a flow chart of a method of determining a processing policy for handling each threat risk in accordance with an embodiment of the disclosure;
FIG. 11 schematically illustrates a flow chart of a method of demonstrating threat risk in accordance with an embodiment of the disclosure;
FIG. 12 schematically illustrates a rose diagram according to an embodiment of the present disclosure;
FIG. 13 schematically illustrates a block diagram of a threat risk processing apparatus for a product in accordance with an embodiment of the disclosure; and
Fig. 14 schematically illustrates a block diagram of a computer system suitable for threat risk processing methods and apparatus for a product in accordance with an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in accordance with the meaning commonly understood by one of skill in the art (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to "at least one of A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g., "a system with at least one of A, B or C" would include, but not be limited to, systems with A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
With the development of mobile Internet technology, lawbreakers exploit business-rule loopholes and technical means to perform weeding, bill swiping, data crawling, account embezzlement, information impossibility, card theft swiping, transaction fraud, false loan application and the like, and have even formed a black industry chain. These black and grey market fraud attacks cover almost all business scenarios, and with frequent business interactions taking place every day, how to deal with threat risks in business scenarios is particularly important for business providers.
Based on this, embodiments of the present disclosure provide a threat risk processing method and apparatus for a product. The method includes obtaining a business flow chart for each business function of a plurality of business functions of a product, wherein each business flow chart includes a plurality of elements, each element including a plurality of instances; generating a threat list of the product according to each business flow chart and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list comprises: a plurality of business functions, a plurality of instances in a business flow diagram corresponding to each business function, and a plurality of threat risks corresponding to each instance; performing risk assessment on each threat risk in the threat list to determine a processing strategy for processing each threat risk.
FIG. 1 schematically illustrates an exemplary system architecture 100 to which threat risk processing methods and apparatus for a product of embodiments of the present disclosure may be applied. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a terminal device 101, a server 102, and a database 103. A user may interact with the server 102 through a network using the terminal device 101 to receive or send messages or the like. The server 102 may be a server providing various services, and the server 102 may perform processing such as analysis on received data such as a user request, and feed back the processing result to the terminal device 101. Database 103 may be used to store data such as threat libraries previously constructed by users.
For example, a user may draw a business flow chart using terminal device 101 and then send a request to determine a threat risk in the business flow chart to server 102 through terminal device 101. Server 102 may determine the threat risk in the business flow chart by querying a threat library stored in the database and generate a threat list to feed back to terminal device 101.
For another example, the user may input, using the terminal device 101, one or more of the difficulty of reproduction, difficulty of discovery, difficulty of utilization, maturity of attack technique, difficulty of attack technique, degree of harm, potential loss caused by each threat risk, the affected user of each threat risk, and asset value of the product in the threat list, and then send a request to the server 102 to calculate a threat score for the threat risk through the terminal device 101, and the server 102 may calculate the threat score for each threat risk according to the above information and feed back to the terminal device 101.
It should be noted that the threat risk processing method for a product provided by the embodiments of the disclosure may be generally performed by the server 102. Accordingly, threat risk processing apparatus for products provided by embodiments of the disclosure may be generally disposed in server 102. The threat risk processing method for a product provided by the embodiments of the disclosure may also be performed by a server or cluster of servers other than server 102 and capable of communicating with terminal device 101 and/or server 102. Accordingly, the threat risk processing apparatus for a product provided by the embodiments of the disclosure may also be provided in a server or a server cluster different from the server 102 and capable of communicating with the terminal device 101 and/or the server 102.
It should be understood that the number of terminal devices 101, servers 102 and databases 103 in fig. 1 is merely illustrative. There may be any number of terminal devices 101, servers 102 and databases 103 as desired for implementation.
Fig. 2 schematically illustrates a flow chart of a threat risk processing method for a product in accordance with an embodiment of the disclosure.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, a business flow chart of each business function of a plurality of business functions of a product is acquired, wherein each business flow chart includes a plurality of elements, each element including a plurality of instances.
According to embodiments of the present disclosure, a product may include a plurality of business functions, each of which may be a functional module for implementing a different business. For example, an Internet financial product may include functional modules for performing registration, login, personal banking, investment financing, life payment, account management, transfer of money, balance inquiry, and the like. For each business function, a business flow diagram may be drawn from the business logic of that business function.
Fig. 3 schematically illustrates a business flow diagram of a login business according to an embodiment of the present disclosure.
As shown in fig. 3, taking the login service of the internet financial product as an example, the service flow chart may include a plurality of elements, which may include, for example, participant entities, activities, service flows, and data storage entities, each represented using a different symbol.
According to embodiments of the present disclosure, blocks may be used in a business flow diagram to represent participant entities, where participant entities may be used to represent external entities participating in the login business. Instances of participant entities may, for example, comprise terminal devices, OTP (One Time Password) tokens, or the like.
According to embodiments of the present disclosure, a circle may be used in a business flow diagram to represent an activity in the login business, where the activity may be used to represent a single business service or process in the login business. Examples of activities in the login service may include, for example, login authentication, dynamic password authentication, and the like.
According to the embodiment of the disclosure, a business flow in the login business can be represented by a solid arrow in the business flow chart, wherein the business flow represents the order in which the business logic of the login business flows through the system. For example, login authentication and dynamic password authentication are different activities, and they may be connected by business flows according to the order of their business logic. As shown in fig. 3, according to the business logic, the login authentication sends a one-time password to the dynamic password authentication, so the arrow of that business flow points to the dynamic password authentication. The dynamic password authentication returns an authentication result to the login authentication, so the arrow of that business flow points to the login authentication.
According to embodiments of the present disclosure, two parallel lines may be used in a business flow diagram to represent data storage entities, where the data storage entities may be used to represent internal entities storing business data for the login business. Examples of data storage entities may include, for example, databases, message queues, files, and the like. Specifically, a label may be added between two parallel lines, where the label may indicate that the data storage entity is a database, a message queue, or a file. As shown in fig. 3, the data storage entity may be a database.
According to embodiments of the present disclosure, the business flow diagram of the login business shown in fig. 3 may show the processes that drive the system, may determine the responses generated and/or sent by each process, may identify the source of the business data for each request and response, and may identify the recipient of each response.
According to embodiments of the present disclosure, the business flow diagram may also include trusted boundaries, which divide the business flow diagram into a plurality of trusted ranges. When the business flow diagram includes a plurality of trusted boundaries, they may divide the diagram in sequence, for example from left to right: the area to the left of the left-most trusted boundary may be one trusted range, the area to the right of the right-most trusted boundary may be another trusted range, and the area between every two adjacent trusted boundaries may be a further trusted range.
As shown in fig. 3, the range to the left of the first trusted boundary may be one trusted range, the range between the first boundary and the second boundary may be another trusted range, and the range to the right of the second boundary may be a third trusted range. Elements within the same trusted range trust each other. For example, the terminal device and the OTP token in fig. 3 are within the same trusted range, so they are mutually trusted.
According to embodiments of the present disclosure, trusted boundaries may be the locations where different instances interact with each other. Because most threat risks involve behavior that crosses a trusted boundary, the trusted boundary is the best location to identify threat risks, and the instances of the business flow diagram that require threat analysis can be quickly determined using the trusted boundaries. For example, each interacting instance in FIG. 3 may be determined to be an instance requiring threat analysis, and the business flows intersecting the first boundary and the business flows intersecting the second boundary may also be determined to be instances requiring threat analysis.
According to the embodiment of the disclosure, the business flow charts of businesses such as registration, personal banking, investment financial accounting, life payment, account management, transfer and remittance, and balance inquiry may likewise include a plurality of elements, each element including a plurality of instances, with the instances connected by business flows according to the order of the business logic, as well as trusted boundaries dividing different trusted ranges; these are not described again here.
According to the embodiment of the disclosure, the business flow chart is the model used for business process design in the business design stage of the development cycle of the product's application system. Because threat risks may first arise in the business process, finding them in the business flow chart allows potential security hazards to be blocked earlier. Compared with the related art, in which system security is usually improved by security code audits in the development stage or security tests in the test stage, identifying threat risks with the business flow chart at the early stage of business design can ensure the comprehensiveness of risk analysis, avoid system security being greatly reduced or even lost because of insufficient business security risk design, and improve system security.
In operation S202, a threat list of the product is generated according to each business flow chart and a threat library, wherein the threat library includes a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list includes: a plurality of business functions, a plurality of instances in a business flow diagram corresponding to each business function, and a plurality of threat risks corresponding to each instance.
According to the embodiment of the disclosure, the threat library may be a database constructed according to a general service flow chart and capable of covering all threat risks in each service of the product, wherein the threat library may further include a correspondence between each element and the threat risk.
According to an embodiment of the present disclosure, the threat library may further include a category to which each threat risk belongs, and the category of threat risk may include, for example: one or more of identity fraud, privacy infringement, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure.
Identity fraud may represent impersonating, disguising as, or counterfeiting the identity of another person; privacy infringement may represent violating the privacy of users, such as unauthorized or excessive acquisition of customer information; transaction denial may represent denying a transaction, that is, claiming not to have done something; rights promotion may represent acquiring higher system rights; resource abuse may represent arbitrarily occupying system resources; malicious input may represent inputting information that affects normal operation of the system or violates laws and regulations; information disclosure may represent leakage of sensitive information of a client or the system.
According to embodiments of the present disclosure, the threat library may include a correspondence of each element to the threat categories faced by the element. The threat library may include, for example, table 1 below.
Table 1 schematically illustrates the correspondence of each element to the threat categories faced by the element according to an embodiment of the disclosure.
TABLE 1
As shown in table 1, the plurality of threat risk categories corresponding to each element may represent a plurality of threat risks that the element may face, and a "∈" identifier is used below the threat risk category corresponding to each element in table 1 to represent a correspondence between each element and the plurality of threat risk categories. Other symbols may also be used to represent correspondence of each element to a plurality of threat risk categories, which is not limiting to the present disclosure.
As shown in table 1, the types of threat risks faced by the participant instance may include: identity fraud, transaction denial, and malicious input. For example, the participant may be counterfeited and repudiate his own initiated actions, etc.
The types of threat risks faced by an activity may include one or more of the following: identity fraud, privacy infringement, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure.
The types of threat risks faced by a business flow may include one or more of the following: privacy violation, transaction denial, resource abuse, malicious input, and information disclosure.
The types of threat risks faced by the data storage entities may include one or more of the following: privacy violation, transaction denial, resource abuse, malicious input, and information disclosure.
According to embodiments of the present disclosure, the threat library may also include the specific threat risks included in each threat risk category. For example, the types of threat risks faced by database instances in a login service may include information leakage, and the specific threat risks of information leakage may include: database information leakage, sensitive information plaintext display, etc. The threat library may also include a threat description and an attack method for each specific threat risk. For example, for the specific threat risk of database information leakage, the threat description may be that the database version is leaked, and the attack method may be that the database version is leaked when the database raises an alarm.
According to the embodiment of the disclosure, according to the element to which each instance in the business flow chart belongs, the threat risk corresponding to the instance can be found from the threat library.
According to the embodiment of the disclosure, the business flow chart and the threat library make it possible to focus on the aspects of the business design stage where security problems are likely to occur. Constructing the threat library abstracts and structures business security threats and determines the threat range, and the threats are tracked and updated in the form of tables and lists, so that threats are identified and managed at the initial stage of business design. In addition, the threat library can guide software requirement design and security test design, clarify the business security threats the software system may face, and support the design of targeted test cases.
Fig. 4 schematically illustrates a flow chart of a method of generating a threat list for a product in accordance with an embodiment of the disclosure.
As shown in fig. 4, the method may include operations S401 to S404.
In operation S401, a target instance in each business flow graph is determined, wherein the target instance includes an instance included by a participant entity, an instance included by an activity, an instance included by a data storage entity, and a business flow that crosses a trusted boundary in each business flow graph.
According to the embodiment of the disclosure, the target instances needing threat analysis can be quickly determined according to the trusted boundaries in the business flow chart. As shown in fig. 3, the target instances may include the terminal device and the OTP token in the participant entity, login authentication and dynamic password authentication in the activity, the database in the data storage entity, the business flows crossing the first boundary, and the business flows crossing the second boundary.
In operation S402, an element type to which the target instance belongs is determined.
According to embodiments of the present disclosure, the element to which each target instance belongs may be determined according to fig. 3. For example, the terminal device belongs to a participant entity, the login authentication belongs to an activity, and the like.
In operation S403, a plurality of threat risks corresponding to each target instance are determined from the threat library according to the element category to which the target instance belongs.
According to embodiments of the present disclosure, since the threat risks that a participant entity may face in Table 1 include identity fraud, transaction denial, and malicious input, it may be determined that the threat risks corresponding to the terminal device may include identity fraud, transaction denial, and malicious input. Likewise, since the threat risks that an activity may face in Table 1 include identity fraud, privacy infringement, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure, it may be determined that the threat risks corresponding to login authentication may include identity fraud, privacy infringement, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure. The threat risks corresponding to the other instances are determined in the same way as for the terminal device and login authentication, and are not repeated here.
In operation S404, a threat list is generated according to the business function corresponding to each business flow chart, the target instance of each business flow chart, the element to which each target instance belongs, and the plurality of threat risks corresponding to each target instance.
According to the embodiment of the disclosure, for the business flow graph of each business function, the threat risk corresponding to the target instance in the business flow graph can be found from the threat library, and a threat list can be generated according to the corresponding relation between the target instance of each business function and the threat risk. The individual threat risks in the threat list may represent potential threats faced by the current product. The threat list may also include the category to which each threat risk belongs.
Table 2 schematically illustrates a threat list in accordance with an embodiment of the disclosure.
TABLE 2
As shown in Table 2, R1~R30 represent the individual threat risks faced by the current product.
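Operations S401 to S404 can be sketched as follows; this is an added illustration, not code from the patent. The element-to-threat mapping uses the threat types named on this page, while the trusted ranges, the flows between instances and the names `Instance`, `FlowChart` and `build_threat_list` are assumptions made for the example.

```python
from dataclasses import dataclass

# Threat library: element type -> threat risk types, using the names on this page.
THREAT_LIBRARY = {
    "participant entity": ["identity fraud", "transaction denial", "malicious input"],
    "activity": ["identity fraud", "privacy infringement", "transaction denial",
                 "rights promotion", "resource abuse", "malicious input",
                 "information disclosure"],
    "business flow": ["privacy violation", "transaction denial", "resource abuse",
                      "malicious input", "information disclosure"],
    "data storage entity": ["privacy violation", "transaction denial",
                            "resource abuse", "malicious input",
                            "information disclosure"],
}


@dataclass(frozen=True)
class Instance:
    name: str
    element: str      # a key of THREAT_LIBRARY
    trust_range: str  # trusted range the instance sits in (constructed labels)


@dataclass(frozen=True)
class FlowChart:
    business_function: str
    instances: tuple  # Instance objects
    flows: tuple      # (source name, target name) pairs


# Constructed model of a login flow chart: instance names follow the page,
# the trusted ranges and the flows between instances are assumptions.
LOGIN_CHART = FlowChart(
    business_function="login",
    instances=(
        Instance("terminal device", "participant entity", "user side"),
        Instance("OTP token", "participant entity", "user side"),
        Instance("login authentication", "activity", "application"),
        Instance("dynamic password authentication", "activity", "application"),
        Instance("database", "data storage entity", "data tier"),
    ),
    flows=(
        ("terminal device", "login authentication"),                  # crosses a boundary
        ("login authentication", "dynamic password authentication"),  # stays in one range
        ("dynamic password authentication", "database"),              # crosses a boundary
    ),
)


def target_instances(chart):
    """S401/S402: return (instance name, element type) pairs to analyse."""
    ranges = {i.name: i.trust_range for i in chart.instances}
    targets = [(i.name, i.element) for i in chart.instances]
    for source, target in chart.flows:
        for end in (source, target):
            if end not in ranges:
                raise ValueError(f"flow references unknown instance {end!r}")
        # Only flows whose two ends lie in different trusted ranges are targets.
        if ranges[source] != ranges[target]:
            targets.append((f"{source} -> {target}", "business flow"))
    return targets


def build_threat_list(charts):
    """S403/S404: one row per (business function, target instance, threat risk)."""
    rows = []
    for chart in charts:
        for name, element in target_instances(chart):
            if element not in THREAT_LIBRARY:
                raise KeyError(f"no threat library entry for element {element!r}")
            for threat in THREAT_LIBRARY[element]:
                rows.append({
                    "id": f"R{len(rows) + 1}",
                    "business_function": chart.business_function,
                    "instance": name,
                    "element": element,
                    "threat": threat,
                })
    return rows


if __name__ == "__main__":
    for row in build_threat_list([LOGIN_CHART]):
        print(row["id"], row["instance"], "|", row["element"], "|", row["threat"])
```

The flow between the two activities produces no rows because both ends sit in the same trusted range, which is how the trusted boundary narrows the set of flows that need analysis.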
In operation S203, risk assessment is performed on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks.
According to the embodiment of the disclosure, for each threat risk in the threat list, threat risk assessment may be performed from multiple aspects of probability of occurrence of the threat risk, economic loss caused by occurrence of the threat risk, and the like, so as to determine a processing strategy for reducing or eliminating the threat risk according to an assessment result.
According to the embodiment of the disclosure, firstly, a business flow chart of each business function of a product is obtained, then, the threat risks corresponding to each instance in each business flow chart are obtained from a threat library, a threat list is generated, and further, risk assessment is carried out on each threat risk in the threat list to determine a processing strategy for processing each threat risk. The embodiment of the disclosure can automatically determine the threat risk in the business flow chart through the threat library, and determine the processing strategy of the threat risk through carrying out risk assessment on the threat risk, so that the threat risk can be efficiently and accurately identified and processed, and the system security is improved.
Fig. 5 schematically illustrates a flow chart of a method of obtaining a business flow chart for each business function in a product according to an embodiment of the present disclosure.
As shown in fig. 5, the method may include operations S501 to S502.
In operation S501, a business logic diagram of the product is obtained, where the business logic diagram includes a plurality of the business functions of the product.
According to embodiments of the present disclosure, during the development cycle of a product, requirements are first proposed by requirements personnel, and a business architecture is then designed by designers. At the stage of defining the requirements of the product or designing its business architecture, a business logic diagram of the product can be obtained according to the application scenario of the product.
Fig. 6 schematically illustrates a business logic diagram of a product according to an embodiment of the present disclosure.
As shown in fig. 6, according to the application scenario of the product, the business logic diagram of the product may include registration, login, personal banking, investment and financing, life payment, account management, transfer and remittance, balance inquiry, and other services.
In operation S502, a service flow chart of each of the service functions is generated for each of the service functions.
According to the embodiment of the disclosure, for each service function in the service logic diagram, a service flow diagram corresponding to the service function can be generated according to the service logic. For example, a business flow diagram as shown in FIG. 3 may be generated for a login business in a product.
Fig. 7 schematically illustrates a flowchart of a method of threat assessment for each threat risk in a threat list in accordance with an embodiment of the disclosure.
As shown in fig. 7, the method may include operations S701 to S703.
In operation S701, a threat score is calculated for each threat risk in the threat list.
According to the embodiment of the disclosure, for each threat risk in table 2, the threat risk may be quantified according to the probability of occurrence of the threat and the severity of the accident caused by the occurrence of the threat, so as to obtain a threat score of the threat.
Fig. 8 schematically illustrates a flowchart of a method of calculating threat scores for each threat risk in a threat list in accordance with an embodiment of the disclosure.
As shown in fig. 8, the method may include operations S801 to S803.
In operation S801, a probability of occurrence of each threat risk is determined according to one or more of a recurrence difficulty, a discovery difficulty, a utilization difficulty, an attack technique maturity, an attack technique difficulty, and a hazard degree of each threat risk.
According to the embodiment of the disclosure, the difficulty level of threat risk occurrence can be determined according to the recurrence difficulty, the discovery difficulty and the utilization difficulty of threat risk. The recurrence difficulty may represent a technical difficulty of recurrence of the threat risk for an attacker, the discovery difficulty may represent a difficulty of discovery of the threat risk for a defender, and the utilization difficulty may represent a difficulty of utilizing the threat risk for the attacker to cause an accident.
According to embodiments of the present disclosure, each of the three indicators of recurrence difficulty, discovery difficulty, and utilization difficulty may be expressed as a degree within a range. For example, the recurrence difficulty [0,4] may indicate that the recurrence difficulty may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a greater recurrence difficulty. For another example, the discovery difficulty [0,4] may indicate that the discovery difficulty may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a higher discovery difficulty. The utilization difficulty [0,4] may indicate that the utilization difficulty may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a higher utilization difficulty.
According to the embodiment of the disclosure, the difficulty level of the threat risk can be represented by letter T, and the difficulty levels of different levels can be represented by T [0,4], wherein the greater the level value is, the more difficult the threat risk is represented, and the difficulty level of the threat risk can be represented by the following formula (one):
According to the embodiment of the disclosure, the attack factors of the threat risk can be determined according to the attack technology maturity, the attack technology difficulty and the hazard degree of the threat risk. The attack technology maturity can represent whether an attack method aiming at the threat risk is mature, the attack technology difficulty can represent the technical requirement of the attack method aiming at the threat risk, and the harm degree can represent the loss caused by the threat risk.
According to the embodiment of the disclosure, each of the three indicators of attack technology maturity, attack technology difficulty, and hazard degree may also be expressed as a degree within a range. For example, the attack technology maturity [0,4] may indicate that the attack technology maturity may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a higher attack technology maturity. The attack technology difficulty [0,4] may indicate that the attack technology difficulty may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a higher attack technology difficulty. The hazard degree [0,4] may indicate that the hazard degree may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a higher hazard degree.
According to the embodiment of the disclosure, the attack factor of a threat risk can be represented by the letter A, and attack factors of different degrees are represented by A[0,4], wherein the greater the degree value, the greater the attack factor, and the attack factor of the threat risk can be represented by the following formula (two):
According to the embodiment of the disclosure, the occurrence probability of the threat risk may be represented by the letter P, and probabilities of different degrees may be represented by P[0,4], where the greater the degree value, the greater the occurrence probability of the threat risk, and the occurrence probability of the threat risk may be represented by the following formula (three):
In operation S802, a severity of an incident caused by each threat risk is determined from one or more of a potential loss caused by each threat risk, an affected user of each threat risk, and an asset value of the product.
According to embodiments of the present disclosure, the potential loss caused by the threat risk may be determined according to whether other products having the same business function as the current product face the same threat risk. The potential loss caused by the threat risk may also be expressed as a degree within a range, e.g., the potential loss [0,4] may indicate that the potential loss may take five degree values, 0, 1, 2, 3 and 4, with a greater degree value indicating a greater potential loss.
According to embodiments of the present disclosure, the affected users of the threat risk may be determined from the audience users of the product. The core degree and the user quantity size of the affected users may be represented by a range of degrees, e.g., the affected users [0,4] may represent that the affected users may have five degrees of 0,1,2,3,4, the greater the degree value, the higher the core degree or the greater the number of affected users.
According to embodiments of the present disclosure, a range of degrees may be used to represent the magnitude of the asset value of a product, e.g., asset value [0,4] may represent that the asset value of a product may have five degrees of 0,1,2,3,4, with greater degrees representing a higher asset value of a product.
According to the embodiment of the disclosure, the severity of the accident caused by the occurrence of the threat risk may be represented by the letter D, and severities of different degrees may be represented by D[0,4], where the greater the degree value, the greater the severity of the accident; the severity of the accident caused by the occurrence of the threat risk may be represented by the following formula (four):
In operation S803, a threat score for each threat risk is calculated according to the occurrence probability of each threat risk and the severity of the incident caused by each threat risk.
According to an embodiment of the present disclosure, the threat score of a threat risk is represented by the letter Q, and threat scores of different degrees are represented by Q[0, 16], where the greater the degree value, the higher the threat score; the threat score Q can be represented by the following formula (five):
Q[0, 16] = P[0,4] × D[0,4]    formula (five)
When the degree value of the threat score Q is 0, the threat risk can be ignored, and when the degree value of the threat score Q is 16, the threat risk needs to be emphasized.
Taking threat risk R5 in Table 2 as an example, the following values can be set: recurrence difficulty [0,4] = 1, discovery difficulty [0,4] = 1, utilization difficulty [0,4] = 1, attack technology maturity [0,4] = 3, attack technology difficulty [0,4] = 3, hazard degree [0,4] = 3, potential loss [0,4] = 3, affected user [0,4] = 1, and asset value [0,4] = 4. According to the above formulas, the threat score of threat risk R5 is then Q[0, 16] = 4.62.
In operation S702, a threat processing level of each threat risk is calculated according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
According to the embodiment of the disclosure, after each threat risk in Table 2 is quantified, the business function corresponding to each threat risk may be determined according to Table 2; for example, the business function corresponding to threat risks R1~R30 is the login service.
According to the embodiment of the disclosure, each business function in the product is given a corresponding weight, and the threat processing level of a threat risk can be represented by the product of the threat score of the threat risk and the weight of the business function corresponding to the threat risk.
In operation S703, a processing policy for processing each threat risk is determined according to the threat processing level of each threat risk.
According to the embodiment of the disclosure, for the threat processing level of each threat risk, the cost of adopting the corresponding processing policy can be calculated, the control intensity after adopting the corresponding processing policy is evaluated, and the processing policy for each threat risk is comprehensively determined so as to reduce or eliminate the threat risk according to the processing policy. The control intensity after the corresponding processing strategies are adopted can be determined according to the probability and the frequency of the recurrence of each threat risk after each processing strategy is adopted and the loss range caused by the recurrence.
Fig. 9 schematically illustrates a flowchart of a method of calculating threat processing levels for each threat risk in accordance with an embodiment of the disclosure.
As shown in fig. 9, the method may include operations S901 to S903.
In operation S901, a business logic diagram of a product is acquired, wherein the business logic diagram includes a plurality of business functions of the product.
Continuing the above example, a business logic diagram of a product is shown in fig. 6. According to the order of the business logic, a service that comes first is a front service, and a service that follows it is a rear service. For example, as shown in fig. 6, the registration service is a front service of all other services in the logic diagram, the login service is a rear service of the registration service, and the login service is a front service of the personal banking service, the life payment service and the account management service.
In operation S902, a weight of each of the plurality of service functions is determined according to a logical order of the plurality of service functions in the service logic diagram.
According to the embodiment of the disclosure, weights can be set for each service in turn according to the order of the business logic. Specifically, a front service must be performed first; the more widely a front service is exposed, the more likely it is to be attacked, and the more services a given service is the front service of, the heavier its weight. As shown in the business logic diagram of fig. 6, the weight of the registration service is the largest, and the weights of the other services decrease in sequence. For example, with the weight denoted by W, the weight of the registration service may be set to W=4, the weight of the login service may be set to W=3, the weights of the personal banking service and the account management service may be set to W=2, and the weights of the investment financing service, the transfer remittance service and the balance inquiry service may be set to W=1.
In operation S903, a threat processing level of each threat risk is calculated according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
Continuing the above example, according to embodiments of the present disclosure, where R1~R30 in the threat list all belong to the login service, the threat processing level of each threat risk in R1~R30 may be the product of the threat score of that threat risk and the weight of the login service.
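The weighting and threat processing level of operations S901 to S903, as an added illustration that is not part of the patent. The rule that a service's weight is one more than the largest weight among its rear services is an assumption, chosen because it reproduces the example weights given above; the diagram edges below the login service and the risks C1 to C3 are constructed.

```python
# Business logic diagram as "front service -> rear services". The first two
# entries follow the page's description of fig. 6; the remaining edges are
# constructed for this example.
BUSINESS_LOGIC = {
    "registration": ["login"],
    "login": ["personal banking", "life payment", "account management"],
    "personal banking": ["investment financing"],
    "account management": ["transfer remittance", "balance inquiry"],
    "life payment": [],
    "investment financing": [],
    "transfer remittance": [],
    "balance inquiry": [],
}


def service_weights(logic):
    """S902 (assumed rule): weight = 1 + the largest weight among rear services."""
    weights, visiting = {}, set()

    def height(service):
        if service in weights:
            return weights[service]
        if service in visiting:
            # A service cannot be both front and rear of the same service.
            raise ValueError(f"cycle in business logic at {service!r}")
        visiting.add(service)
        rear = logic.get(service, [])
        weights[service] = 1 + max((height(r) for r in rear), default=0)
        visiting.discard(service)
        return weights[service]

    for service in logic:
        height(service)
    return weights


def threat_score(probability, severity):
    """Formula (five): Q = P x D, with P and D each in [0, 4]."""
    for name, value in (("P", probability), ("D", severity)):
        if not 0 <= value <= 4:
            raise ValueError(f"{name} must lie in [0, 4], got {value}")
    return probability * severity


def rank_by_processing_level(risks, weights):
    """S903: processing level = threat score x weight of the risk's service."""
    ranked = []
    for risk_id, service, score in risks:
        if service not in weights:
            raise KeyError(f"no weight for business function {service!r}")
        if not 0 <= score <= 16:
            raise ValueError(f"threat score of {risk_id} outside [0, 16]: {score}")
        ranked.append((risk_id, service, round(score * weights[service], 2)))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


# R5 uses the score worked out on the page; C1 to C3 are constructed.
SAMPLE_RISKS = [
    ("R5", "login", 4.62),
    ("C1", "balance inquiry", threat_score(3, 4)),
    ("C2", "registration", threat_score(2, 2)),
    ("C3", "account management", threat_score(1, 3)),
]

if __name__ == "__main__":
    for risk_id, service, level in rank_by_processing_level(
            SAMPLE_RISKS, service_weights(BUSINESS_LOGIC)):
        print(f"{risk_id:3} {service:20} processing level {level}")
```

With these inputs R5, whose score is only 4.62, ranks above C1 with a score of 12, because the login service carries three times the weight of the balance inquiry service.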
Fig. 10 schematically illustrates a flowchart of a method of determining a processing policy for handling each threat risk in accordance with an embodiment of the disclosure.
As shown in fig. 10, the method may include operations S1001 to S1003.
In operation S1001, for each threat risk, a cost of taking each processing policy is calculated.
According to embodiments of the present disclosure, for each threat risk, the cost required to take each treatment measure may be calculated to provide a reference for enterprise budget and final decision making.
In operation S1002, the control intensity of each processing policy is determined according to the probability, frequency, and loss range caused by the recurrence of each threat risk after each processing policy is adopted.
According to the embodiment of the disclosure, for each threat risk, the probability of reproduction of the threat risk and the frequency of reproduction of the threat risk after each treatment measure are adopted can be evaluated, the maximum loss and the minimum loss caused by the threat risk can be estimated according to the probability and the frequency of reproduction of the threat risk, and the control intensity corresponding to each treatment strategy adopted by the threat risk is determined according to the probability of reproduction of the threat risk, the frequency of reproduction and the range of possible losses of the threat risk after each treatment measure is adopted.
In operation S1003, an optimal processing policy is determined according to the threat processing level of each threat risk, the cost of each processing policy, and the control intensity of each processing policy.
According to the embodiment of the disclosure, for each threat risk, according to the threat processing level of the threat risk, the cost of each processing measure adopted and the control intensity corresponding to each processing measure adopted, the optimal processing strategy adopted for the threat risk can be comprehensively determined.
Fig. 11 schematically illustrates a flow chart of a method of demonstrating threat risk in accordance with an embodiment of the disclosure.
As shown in fig. 11, the method may include operations S1101 to S1103.
In operation S1101, a level of each threat risk is determined according to the threat score of each threat risk.
According to the embodiment of the present disclosure, after the threat score Q[0, 16] of each threat risk is calculated in operation S203, the range [0, 16] may be divided into three scoring intervals, [0,5], [6, 11] and [12, 16], and the level of each threat risk may be determined according to the scoring interval in which its threat score lies. Specifically, a threat risk whose threat score lies in the scoring interval [0,5] can be determined to be low, a threat risk whose threat score lies in the scoring interval [6, 11] can be determined to be medium, and a threat risk whose threat score lies in the scoring interval [12, 16] can be determined to be high.
In operation S1102, each threat risk is classified according to the service function, and the threat risk of each service function is obtained.
According to the embodiment of the disclosure, the threat risks can be classified and aggregated according to the business function corresponding to each threat risk in the threat list. For example, threat risks R1~R30 may all correspond to the login service, and threat risks R1~R30 may therefore be classified as threat risks of the login service.
In operation S1103, the threat risks of each business function and the different levels of the threat risks of each business function are displayed in the form of a rose diagram, where the rose diagram includes a plurality of sectors, each sector representing the business function corresponding to that sector, each sector including different identifiers, the different identifiers representing threat risks of different levels, and the area occupied by each of the different identifiers representing the number of threat risks of the level corresponding to that identifier.
Fig. 12 schematically illustrates a rose diagram according to an embodiment of the present disclosure.
As shown in fig. 12, the rose diagram includes a plurality of sectors, each sector corresponding to a business function; the angles of the sectors may be the same, and the threat risks of each business function are aggregated into the sector corresponding to that business function. From fig. 12, the relative threat risk of different business functions can be seen.
According to an embodiment of the present disclosure, different levels of risk may be represented by different symbols, as shown in fig. 12, a triangle may represent a threat risk with a high level, a circle may represent a threat risk with a medium level, and a box may represent a threat risk with a low level. Different colors may also be used to represent different levels of risk, which is not limited by the present disclosure.
According to embodiments of the present disclosure, for each sector, the area occupied by all identifications in that sector is proportional to the number of threat risks belonging to that sector. The amount of threat risk per business function can be intuitively reflected according to the size of the area occupied by all the identifiers in each sector.
Further, for each identity in each sector, the area occupied by the identity is proportional to the number of threat risks at the level represented by the identity. For example, in the sector corresponding to the login service, the area occupied by the triangle is proportional to the number of high-risk threat risks in the login service, the area occupied by the circle is proportional to the number of medium-risk threat risks in the login service, and the area occupied by the square is proportional to the number of low-risk threat risks in the login service. The amount of threat risk per level in each sector can be intuitively reflected according to the size of the area occupied by each identity in that sector.
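The level assignment and aggregation behind the rose diagram (operations S1101 to S1103), as an added illustration that is not part of the patent. It assumes that a fractional score falling between two intervals (such as 5.5) takes the higher level, and it draws each level as a stacked band rather than as the symbols of fig. 12; the risks other than R5 are constructed.

```python
import math
from collections import Counter, defaultdict

LEVELS = ("low", "medium", "high")  # drawn from the centre outwards


def risk_level(score):
    """S1101: map a threat score Q in [0, 16] to low / medium / high.

    The page's intervals are [0,5], [6,11] and [12,16]. Scores are not always
    integers (R5 scores 4.62), so a value between two intervals is assigned
    to the higher level here (assumption) to avoid under-rating a risk.
    """
    if not 0 <= score <= 16:
        raise ValueError(f"threat score outside [0, 16]: {score}")
    if score <= 5:
        return "low"
    if score <= 11:
        return "medium"
    return "high"


def count_by_function(risks):
    """S1102: number of threat risks per business function and level."""
    counts = defaultdict(Counter)
    for _risk_id, function, score in risks:
        counts[function][risk_level(score)] += 1
    return {function: dict(c) for function, c in counts.items()}


def band_area(angle, inner, outer):
    """Area of the part of a sector lying between two radii."""
    return angle / 2 * (outer ** 2 - inner ** 2)


def rose_layout(risks):
    """S1103: equal-angle sectors with one stacked band per level.

    Returns {function: {"angle": radians, "bands": [(level, inner, outer)]}}.
    Band area grows with the square of the radius, so radii are square roots
    of cumulative counts; this keeps every area proportional to a count.
    """
    counts = count_by_function(risks)
    if not counts:
        return {}
    angle = 2 * math.pi / len(counts)
    layout = {}
    for function, per_level in counts.items():
        bands, cumulative = [], 0
        for level in LEVELS:
            n = per_level.get(level, 0)
            if n == 0:
                continue
            bands.append((level, math.sqrt(cumulative), math.sqrt(cumulative + n)))
            cumulative += n
        layout[function] = {"angle": angle, "bands": bands}
    return layout


# R5 uses the score worked out on the page; the other risks are constructed.
SAMPLE_RISKS = [
    ("R5", "login", 4.62),
    ("C1", "login", 12.0),
    ("C2", "login", 5.5),    # between [0,5] and [6,11]
    ("C3", "login", 9.0),
    ("C4", "registration", 16.0),
    ("C5", "registration", 2.0),
    ("C6", "balance inquiry", 11.3),  # between [6,11] and [12,16]
]

if __name__ == "__main__":
    for function, sector in rose_layout(SAMPLE_RISKS).items():
        for level, inner, outer in sector["bands"]:
            print(f"{function:16} {level:6} r={inner:.2f}..{outer:.2f} "
                  f"area={band_area(sector['angle'], inner, outer):.2f}")
```

Plotting the radius in direct proportion to the count would exaggerate busy sectors: the login sector holds twice as many risks as the registration sector, so its outer radius is larger by a factor of the square root of 2, not 2.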
After determining the processing policy for processing each threat risk in operation S203, according to an embodiment of the disclosure, the method further includes: generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each threat risk, a level of each threat risk, a description of each of said threat risks, and a processing policy for each threat risk.
Table 3 schematically illustrates threat risk reports in accordance with an embodiment of the disclosure.
TABLE 3
According to embodiments of the present disclosure, threat risk assessment reports may include each threat risk, a category of each threat risk, a description of each threat risk, a level of each threat risk, a treatment policy of each threat risk, and a level of the treatment policy.
In particular, different processing strategies may be employed for different threat risks. For example, some threats cannot be eradicated; for such threats, the opportunities for them to occur may be reduced, or the threshold for them to occur may be raised. As another example, some threats, although present, occur with low probability and cause little harm once they occur; for such threats, acceptance may be selected. Based on this, the level of the processing policy may include evasion, diversion, mitigation, and acceptance.
Fig. 13 schematically illustrates a block diagram of a threat risk processing apparatus for a product in accordance with an embodiment of the disclosure.
As shown in fig. 13, the threat risk processing apparatus 1300 for a product includes an acquisition module 1301, a first generation module 1302, and an evaluation module 1303.
The acquiring module 1301 is configured to acquire a service flow chart of each service function of a plurality of service functions of a product, where each service flow chart includes a plurality of elements, and each element includes a plurality of instances.
The first generating module 1302 is configured to generate a threat list of a product according to each service flowchart and a threat library, where the threat library includes a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list includes: a plurality of business functions, a plurality of instances in a business flow diagram corresponding to each business function, and a plurality of threat risks corresponding to each instance.
The evaluation module 1303 is configured to perform risk evaluation on each of the threat risks in the threat list, so as to determine a processing policy for processing each of the threat risks.
According to an embodiment of the present disclosure, the plurality of elements includes a participant entity, an activity, a business flow, and a data storage entity, the business flow diagram further including a trusted boundary for partitioning the business flow diagram into a plurality of trusted ranges.
The first generation module 1302 includes a first determining unit, a second determining unit, a third determining unit, and a first generating unit.
The first determining unit is configured to determine a target instance in each service flow chart, where the target instance includes an instance included by a participant entity, an instance included by an activity, an instance included by a data storage entity, and a service flow crossing a trusted boundary in each service flow chart.
The second determining unit is used for determining the element category to which the target instance belongs.
The third determining unit is used for determining a plurality of threat risks corresponding to each target instance from the threat library according to the element types of the target instances.
The first generation unit is used for generating a threat list according to the business function corresponding to each business flow chart, the target instance of each business flow chart, the element to which each target instance belongs and a plurality of threat risks corresponding to each target instance.
According to an embodiment of the present disclosure, the evaluation module 1303 includes: a first calculation unit, a second calculation unit and a fourth determination unit.
The first computing unit is configured to compute a threat score for each of the threat risks in the threat list.
The second calculating unit is used for calculating the threat processing grade of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
The fourth determining unit is configured to determine a processing policy for processing each threat risk according to the threat processing level of each threat risk.
According to an embodiment of the present disclosure, the first computing unit includes a first determining subunit, a second determining subunit, and a first computing subunit.
The first determining subunit is configured to determine an occurrence probability of each threat risk according to one or more of a recurrence difficulty, a discovery difficulty, a utilization difficulty, an attack technology maturity, an attack technology difficulty, and a hazard degree of each threat risk.
The second determination subunit is configured to determine a severity of the incident caused by each threat risk based on one or more of the potential loss caused by each threat risk, the affected user of each threat risk, and the asset value of the product.
The first calculating subunit is used for calculating the threat score of each threat risk according to the occurrence probability of each threat risk and the severity of the accident caused by each threat risk.
According to an embodiment of the present disclosure, the second computing unit includes an acquisition subunit, a third determination subunit, and a second computing subunit.
The obtaining subunit is configured to obtain a service logic diagram of the product, where the service logic diagram includes a plurality of service functions of the product.
The third determining subunit is configured to determine a weight of each service function of the plurality of service functions according to a logic order of the plurality of service functions in the service logic diagram.
The second calculating subunit is used for calculating the threat processing grade of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
According to an embodiment of the present disclosure, the fourth determination unit includes a third calculation subunit, a fourth determination subunit, and a fifth determination subunit.
The third calculation subunit is configured to calculate, for each threat risk, a cost of adopting each processing policy.
The fourth determining subunit is configured to determine the control strength of each processing policy according to the probability, the frequency, and the loss range caused by the recurrence of each threat risk after each processing policy is adopted.
The fifth determining subunit is configured to determine an optimal processing policy according to the threat processing level of each threat risk, the cost of each processing policy, and the control intensity of each processing policy.
According to an embodiment of the present disclosure, threat risk processing apparatus 1300 for a product further includes a second determining module, a classifying module, and a display module.
The second determining module is used for determining the level of each threat risk according to the threat score of each threat risk.
The classification module is used for classifying each threat risk according to the service function to obtain the threat risk of each service function.
The display module is used for displaying the threat risk of each service function and different levels of the threat risk of each service function in a rose diagram mode, wherein the rose diagram comprises a plurality of sectors, each sector is used for representing the service function corresponding to each sector, each sector comprises different identifications, the different identifications are used for representing the threat risks of the different levels, and the area occupied by each identification in the different identifications is used for representing the number of the threat risks of the levels corresponding to each identification.
According to an embodiment of the present disclosure, threat risk processing apparatus 1300 for a product further includes: a second generation module for generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each threat risk, a description of each of said threat risks for each threat risk level, and a processing policy for each threat risk.
According to an embodiment of the present disclosure, the acquisition module 1301 includes an acquisition unit and a second generation unit.
The acquisition unit is used for acquiring a service logic diagram of the product, wherein the service logic diagram comprises a plurality of service functions of the product.
The second generating unit is used for generating a service flow chart of each service function aiming at each service function.
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Or one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which, when executed, may perform the corresponding functions.
For example, any of the acquisition module 1301, the first generation module 1302, and the evaluation module 1303 may be incorporated in one module/unit/subunit, or any of them may be split into a plurality of modules/units/subunits. Or at least some of the functionality of one or more of these modules/units/sub-units may be combined with at least some of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to embodiments of the present disclosure, at least one of the acquisition module 1301, the first generation module 1302, and the evaluation module 1303 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-a-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or by hardware or firmware, such as any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three implementations of software, hardware, and firmware. Or at least one of the acquisition module 1301, the first generation module 1302 and the evaluation module 1303 may be at least partly implemented as a computer program module, which, when executed, may perform the respective functions.
It should be noted that, in the embodiments of the present disclosure, the threat risk processing apparatus for a product corresponds to the threat risk processing method for a product; for details of the apparatus, refer to the description of the method, which is not repeated here.
Fig. 14 schematically illustrates a block diagram of a computer system suitable for implementing the above-described methods, according to an embodiment of the present disclosure. The computer system illustrated in fig. 14 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 14, a computer system 1400 according to an embodiment of the present disclosure includes a processor 1401, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1402 or a program loaded from a storage section 1408 into a Random Access Memory (RAM) 1403. The processor 1401 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1401 may also include on-board memory for caching purposes. The processor 1401 may include a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1403, various programs and data necessary for the operation of the system 1400 are stored. The processor 1401, ROM 1402, and RAM 1403 are connected to each other through a bus 1404. The processor 1401 performs various operations of the method flow according to the embodiment of the present disclosure by executing programs in the ROM 1402 and/or the RAM 1403. Note that the program may be stored in one or more memories other than the ROM 1402 and the RAM 1403. The processor 1401 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 1400 may also include an input/output (I/O) interface 1405, the input/output (I/O) interface 1405 also being connected to the bus 1404. The system 1400 may also include one or more of the following components connected to the I/O interface 1405: an input section 1406 including a keyboard, a mouse, and the like; an output portion 1407 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 1408 including a hard disk or the like; and a communication section 1409 including a network interface card such as a LAN card, a modem, and the like. The communication section 1409 performs communication processing via a network such as the internet. The drive 1410 is also connected to the I/O interface 1405 as needed. Removable media 1411, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memory, and the like, is installed as needed on drive 1410 so that a computer program read therefrom is installed as needed into storage portion 1408.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1409 and/or installed from the removable medium 1411. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1401. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 1402 and/or RAM 1403 described above and/or one or more memories other than ROM 1402 and RAM 1403.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in various ways, even if such combinations or integrations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined and/or integrated in various ways without departing from the spirit and teachings of the present disclosure. All such combinations and/or integrations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (11)

1. A threat risk processing method for a product, comprising:
Acquiring a business flow chart of each business function of a plurality of business functions of the product, wherein the business functions comprise registration, login, personal banking, investment financing, life payment, account management, transfer and remittance and inquiry balance, each business flow chart comprises a plurality of elements, and each element comprises a plurality of examples; acquiring a business logic diagram of the product, wherein the business logic diagram comprises a plurality of business functions of the product; generating a business flow chart of each business function for each business function, wherein the business flow chart further comprises a trusted boundary, and the trusted boundary is used for dividing the business flow chart into a plurality of trusted ranges; determining an instance needing threat analysis in the business flow chart by utilizing the trusted boundary;
Generating a threat list of the product according to each business flow chart and a threat library, wherein the threat library comprises a plurality of elements and a plurality of threat risks corresponding to each element, and the threat list comprises: a plurality of business functions, a plurality of instances in a business flow chart corresponding to each business function, and a plurality of threat risks corresponding to each instance; the threat risk categories include: one or more of identity fraud, privacy violation, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure;
Performing risk assessment on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks, wherein the performing risk assessment on each of the threat risks in the threat list comprises: quantifying threat risks according to the probability of each threat and the severity of the accident caused by the threat, obtaining threat scores of the threats,
Wherein, threat risk occurrence probability: Wherein T (0, 4) represents the difficulty level of threat risk occurrence, and T (0, 4) can be determined according to the recurrence difficulty, discovery difficulty and utilization difficulty of the threat risk; a (0, 4) represents attack factors with different degrees, wherein A (0, 4) can be determined according to the attack technology maturity, the attack technology difficulty and the hazard degree of threat risks; severity of the incident following the threat:
D
Threat scoring of the threat: q
2. The method of claim 1, wherein the plurality of elements comprises a participant entity, an activity, a business flow, and a data storage entity;
the generating a threat list of the product according to each business flow chart and the threat library comprises:
determining a target instance in each of the business flow charts, wherein the target instance comprises an instance included by the participant entity, an instance included by the activity, an instance included by the data storage entity, and a business flow crossing the trusted boundary in each of the business flow charts;
determining the element type of the target instance;
determining a plurality of threat risks corresponding to each target instance from the threat library according to the element types of the target instances; and
generating the threat list according to the business functions corresponding to each business flow chart, the target instance of each business flow chart, the element to which each target instance belongs and a plurality of threat risks corresponding to each target instance.
3. The method of any of claims 1-2, wherein the threat assessment of each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks comprises:
calculating a threat score for each of the threat risks in the threat list;
calculating a threat processing grade of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk; and
determining a processing policy for processing each threat risk according to the threat processing grade of each threat risk.
4. The method of claim 3, wherein said calculating a threat score for each of said threat risks in said threat list comprises:
determining the occurrence probability of each threat risk according to one or more of the reproduction difficulty, the discovery difficulty, the utilization difficulty, the attack technology maturity, the attack technology difficulty and the hazard degree of each threat risk;
determining a severity of an incident caused by each of the threat risks from one or more of a potential loss caused by each of the threat risks, an affected user of each of the threat risks, and an asset value of the product; and
calculating a threat score of each threat risk according to the occurrence probability of each threat risk and the severity of the incident caused by each threat risk.
5. A method according to claim 3, wherein said calculating a threat processing level for each said threat risk based on a threat score for each said threat risk and a weight of a business function corresponding to each said threat risk comprises:
acquiring a business logic diagram of the product, wherein the business logic diagram comprises a plurality of business functions of the product;
determining the weight of each business function of the plurality of business functions according to the logical order of the business functions in the business logic diagram; and
calculating the threat processing grade of each threat risk according to the threat score of each threat risk and the weight of the business function corresponding to each threat risk.
6. A method according to claim 3, wherein said determining a processing policy for processing each of said threat risks according to a threat processing level of each of said threat risks comprises:
calculating, for each threat risk, the cost of adopting each processing policy;
determining the control intensity of each processing policy according to the probability, frequency and loss range caused by the recurrence of each threat risk after each processing policy is adopted; and
determining an optimal processing policy according to the threat processing grade of each threat risk, the cost of each processing policy and the control intensity of each processing policy.
7. A method according to claim 3, further comprising, after calculating a threat score for each of the threat risks in the threat list:
determining the level of each threat risk according to the threat score of each threat risk;
classifying each threat risk according to business function to obtain the threat risks of each business function; and
displaying the threat risks of each business function and the different levels of the threat risks of each business function in the form of a rose diagram, wherein the rose diagram comprises a plurality of sectors, each sector represents the business function corresponding to that sector, each sector comprises different identifications, the different identifications represent the threat risks of different levels, and the area occupied by each identification represents the number of threat risks of the level corresponding to that identification.
8. The method of claim 7, further comprising, after determining a processing policy for processing each of the threat risks:
generating a threat risk assessment report, wherein the threat risk assessment report includes at least one of: each of the threat risks, a level of each of the threat risks, a description of each of the threat risks, and a processing policy for each of the threat risks.
9. A threat risk processing apparatus for a product, comprising:
An acquisition module configured to acquire a business flow chart of each of a plurality of business functions of the product, where the plurality of business functions include registration, login, personal banking, investment financing, life payment, account management, transfer of money and inquiry balance, each of the business flow charts includes a plurality of elements, each of the elements including a plurality of instances; acquiring a business logic diagram of the product, wherein the business logic diagram comprises a plurality of business functions of the product; generating a business flow chart of each business function for each business function, wherein the business flow chart further comprises a trusted boundary, and the trusted boundary is used for dividing the business flow chart into a plurality of trusted ranges; determining an instance needing threat analysis in the business flow chart by utilizing the trusted boundary;
the first generation module is used for generating a threat list of the product according to each business flow chart and the threat library;
Wherein the threat library comprises a plurality of the elements and a plurality of threat risks corresponding to each of the elements, the threat list comprising: a plurality of business functions, a plurality of instances in a business flow chart corresponding to each business function, and a plurality of threat risks corresponding to each instance; the threat risk categories include: one or more of identity fraud, privacy violation, transaction denial, rights promotion, resource abuse, malicious input, and information disclosure;
an evaluation module, configured to perform risk evaluation on each of the threat risks in the threat list to determine a processing policy for processing each of the threat risks, where performing risk evaluation on each of the threat risks in the threat list includes: quantifying threat risks according to the probability of each threat and the severity of the accident caused by the threat, obtaining threat scores of the threats,
Wherein, threat risk occurrence probability: Wherein T (0, 4) represents the difficulty level of threat risk occurrence, and T (0, 4) can be determined according to the recurrence difficulty, discovery difficulty and utilization difficulty of the threat risk; a (0, 4) represents attack factors with different degrees, wherein A (0, 4) can be determined according to the attack technology maturity, the attack technology difficulty and the hazard degree of threat risks; severity of the incident following the threat:
D
Threat scoring of the threat: q
10. A computer system, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 8.
11. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 8.
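The threat-list generation recited in claim 2, as an added Python example that is not code from the patent. The class names, the `trusted_range` field, the sample flow charts and the assignment of threat categories to element types are assumptions constructed for illustration; only the element types and the seven category names come from the claims.

```python
from dataclasses import dataclass

# Element types named in claim 2.
PARTICIPANT = "participant entity"
ACTIVITY = "activity"
DATA_STORE = "data storage entity"
FLOW = "business flow"

# Constructed threat library: element type -> threat risks. The category
# names are the seven listed in claim 1; the assignment of categories to
# element types is an assumption made for this example.
THREAT_LIBRARY = {
    PARTICIPANT: ["identity fraud", "transaction denial"],
    ACTIVITY: ["rights promotion", "resource abuse", "malicious input"],
    DATA_STORE: ["privacy violation", "information disclosure"],
    FLOW: ["information disclosure", "malicious input"],
}

@dataclass(frozen=True)
class Instance:
    name: str
    element: str        # PARTICIPANT, ACTIVITY or DATA_STORE
    trusted_range: str  # region of the chart delimited by the trusted boundary

@dataclass(frozen=True)
class Flow:
    name: str
    source: str  # name of the sending instance
    target: str  # name of the receiving instance

@dataclass(frozen=True)
class FlowChart:
    business_function: str
    instances: tuple
    flows: tuple

def crosses_boundary(chart, flow):
    """True when the two ends of a flow lie in different trusted ranges."""
    nodes = {inst.name: inst for inst in chart.instances}
    for end in (flow.source, flow.target):
        if end not in nodes:
            raise ValueError(f"flow {flow.name!r} references unknown instance {end!r}")
    return nodes[flow.source].trusted_range != nodes[flow.target].trusted_range

def target_instances(chart):
    """Yield (name, element type) for every instance that needs threat analysis."""
    for inst in chart.instances:
        if inst.element not in (PARTICIPANT, ACTIVITY, DATA_STORE):
            raise ValueError(f"unsupported element type {inst.element!r}")
        yield inst.name, inst.element
    for flow in chart.flows:
        # Flows that stay inside one trusted range are not target instances.
        if crosses_boundary(chart, flow):
            yield flow.name, FLOW

def generate_threat_list(charts, library=THREAT_LIBRARY):
    """Build rows of (business function, instance, element, threat risk)."""
    rows = []
    for chart in charts:
        for name, element in target_instances(chart):
            for risk in library[element]:
                rows.append((chart.business_function, name, element, risk))
    return rows

# Constructed sample flow charts for two of the business functions in claim 1.
SAMPLE_CHARTS = [
    FlowChart(
        "login",
        (Instance("customer", PARTICIPANT, "external"),
         Instance("verify credentials", ACTIVITY, "bank system"),
         Instance("account database", DATA_STORE, "bank system")),
        (Flow("submit credentials", "customer", "verify credentials"),
         Flow("look up account", "verify credentials", "account database")),
    ),
    FlowChart(
        "transfer and remittance",
        (Instance("customer", PARTICIPANT, "external"),
         Instance("execute transfer", ACTIVITY, "bank system"),
         Instance("transaction ledger", DATA_STORE, "bank system"),
         Instance("clearing gateway", PARTICIPANT, "partner network")),
        (Flow("transfer request", "customer", "execute transfer"),
         Flow("write ledger entry", "execute transfer", "transaction ledger"),
         Flow("settlement message", "execute transfer", "clearing gateway")),
    ),
]

if __name__ == "__main__":
    for row in generate_threat_list(SAMPLE_CHARTS):
        print(" | ".join(row))
```

Flows that stay inside one trusted range ("look up account", "write ledger entry") produce no rows, which is how the trusted boundary narrows the set of instances that need analysis.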
CN202010379490.6A 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system, and medium Active CN111563254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010379490.6A CN111563254B (en) 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010379490.6A CN111563254B (en) 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system, and medium

Publications (2)

Publication Number Publication Date
CN111563254A CN111563254A (en) 2020-08-21
CN111563254B true CN111563254B (en) 2024-05-07

Family

ID=72074563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010379490.6A Active CN111563254B (en) 2020-05-07 2020-05-07 Threat risk processing method and apparatus for product, computer system, and medium

Country Status (1)

Country Link
CN (1) CN111563254B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113240310B (en) * 2021-05-25 2023-04-07 中国电子科技集团公司第二十九研究所 Method for evaluating threat of group to single target
CN116962090B (en) * 2023-09-21 2024-02-13 华能信息技术有限公司 Industrial Internet security control method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107067157A (en) * 2017-03-01 2017-08-18 北京奇艺世纪科技有限公司 Business risk appraisal procedure, device and air control system
CN107730128A (en) * 2017-10-23 2018-02-23 上海携程商务有限公司 Methods of risk assessment and system based on operation flow
CN109409892A (en) * 2017-08-15 2019-03-01 凡普互金有限公司 Methods of risk assessment and system
CN109683854A (en) * 2018-12-21 2019-04-26 北京国舜科技股份有限公司 A kind of software security requirement analysis method and system
CN110188541A (en) * 2019-04-18 2019-08-30 招银云创(深圳)信息技术有限公司 Methods of risk assessment, device, assessment terminal and the storage medium of operation system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130325545A1 (en) * 2012-06-04 2013-12-05 Sap Ag Assessing scenario-based risks

Also Published As

Publication number Publication date
CN111563254A (en) 2020-08-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant