黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

XIA Yang,LU Yu-liang,YANG Guo-zheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.19.050

2007-01-01

Abstract:Computer network security vulnerability assessment is a research focus in network security field.This paper puts forward the research target of computer network vulnerability assessment and the major problems appeared in the course of research.It analyses some resent research methods and techniques aimed at computer network vulnerability assessment,such as network vulnerability assessment in terms of network connectivity,intrusion path,graph theory,analysis tools,agent,AHP,as well as vulnerability dependence relation graph.Based on the analysis,it points out the advantage and disadvantage of each method.

Wei-wei CHENG,Yu-liang LU,Yang XIA,Guo-zheng YANG

DOI: https://doi.org/10.3969/j.issn.1000-2162.2007.04.008

2007-01-01

Abstract:Computer network vulnerability assessment is the important part of the computer security domain,it is very important to improve oneself security level of computer network.This paper introduces the computer network vulnerability firstly,expatiate on the problem which should be solved by the vulnerability assessment,embody introduce some main methods of computer network vulnerability assessment and the issues faced,and then it gives the future work of computer network vulnerability assessment.

Jiang Jianqin,Luo Hong,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.01.006

2007-01-01

Abstract:Program security is gradually becoming an active field in information security technology.It mainly includes program vulnerabilities analysis and program security protection technologies.In this paper,recent researches on program security are summarized.The development and related technologies,especially the three main approaches to program security protection,are synthetically reviewed in detail.In the end,research directions in this area are also discussed.

Sun Yang,Xiong Wei

DOI: https://doi.org/10.1109/icsess.2017.8342948

2017-01-01

Abstract:The vulnerability of network or information system is the inherent reason for the existence of security risks and security risks. External threats exploit the vulnerability of the network or information system to launch attacks. Therefore, in the field of network security risk assessment technology, security vulnerability analysis takes an important position and is the basis for a network security risk assessment. This paper mainly reviews the research status of network security vulnerability analysis methods, network security quantitative evaluation method and real-time evaluation method of network security.

You-Chun Zhang,Qiang Wei,Zeng-Liang Liu,Ying Zhou

DOI: https://doi.org/10.1109/icmlc.2010.5580771

2010-01-01

Abstract:Vulnerability discovery is base technology in information system development, product testing and counterinformation. At present, vulnerability discovery already has been turned into the hot spot of the global security researches. There are so many kinds of vulnerability discovery methods. Many vulnerabilities has been found each year. But the frame work of the vulnerability discovery is out of the researchers' sight. By analyzing the characters of the targets of vulnerability discovery, and researching the technological process of discovery process, and recovering the potential connections among each way of discovery. We present at first the architecture of vulnerability discovery technologies which divided into five layers namely, base layer, abstraction layer, discovery layer, analysis layer, and exploitation layer, and also explains in great detail the content, role and key supporting technologies of each layer. At last, this paper gives the outlook and the direction for the future work.

刘波,刘惠,胡华平,黄遵国

DOI: https://doi.org/10.3969/j.issn.1007-130x.2004.07.009

2004-01-01

Abstract:How to discover, fix and exploit computer system vulnerabilities has been one of the focuses of the study on network security. In the paper, we summarize and analyze the related research first, then we describe how to design and implement a vulnerability database, put forward methods based on CORBA to define and implement the application programming interfaces of the vulnerability database, accomplish the automatic push of patches among trusted computers based on event models, and achieve a dynamic analysis and reaction of vulnerabilities.

Jia HUAI,Shu HUANG,He TANG

DOI: https://doi.org/10.3969/j.issn.1674-7720.2010.05.020

2010-01-01

Abstract:This paper aims at the actuality and existing problems of security vulnerability used by many computer security departments, and proposes several strategies to automatically collect vulnerability information by methods of downloading the open source database, submitting a query to database and using a search engine then discusses information extracting technique from XML, HTML and text files and establish multi-source data fusing.

XIA Yang,LU Yu-Liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.10.017

2007-01-01

Computer Science

Abstract:In the field of network security,the research of quantitative vulnerability assessment of computer host and network is becoming highlighting.This paper brings forward a method of network-vulnerability quantitative assess- ment,and a corresponding system,based on this method,is established closely after that.In order to obtain the vul- nerability measurement of target host,the possibility of the existence and the exploitability of vulnerability are evalua- ted quantitatively in the system.On the basis of that,by combining with network topology,the dangerous path and critical node of network are analyzed in terms of the refined shortest-path algorithms.Thereby,the administrator can patch the vulnerability with a definite purpose,and which undoubtedly would enhance the general security performance of the network.

WEI Tao,WANG Guisi,ZOU Wei

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.z2.003

2009-01-01

Abstract:Software vulnerability closely relates to information security.This paper discusses the industry, technology and relative economic research since 2000 in detail.Software vulnerabilities are rooted in both technical and economic challenges.The software vulnerability industry can be divided into vulnerability discovering in upstream, security information provider (SIP) in midstream, and various applications in downstream.Both economic and technical approaches must be used to resolve software vulnerability problems.This paper suggests that China should develop the industry in SIP, tools, infrastructures, etc.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1109/ispa.2009.73

2009-01-01

Abstract:In information era advocating ubiquitous computing, computing resources are susceptible to attack without guaranteeing security of network system. It is necessary and desirable for network system to employ powerful safeguard to protect itself against diversified vulnerabilities. In this paper, we present reverse analysis and vulnerability detection for network system software (RAVDNSS), a novel approach which uses reverse analysis and vulnerability detection technologies to deal with security problems on critical network system. Adaptive reverse analysis we propose is used to dig out potential vulnerabilities, which might be abused by unauthorized and unlawful communities. A new vulnerability detection model is designed to provide safety precautions through detecting vulnerabilities and monitoring program behaviors. Our investigation aims to improve the ability to guard network system against malicious attacks. The proposed schemes demonstrate that our approach can effectively perform security detection and management of network system software.

KUANG Xiao-hui,ZHAO Gang,WEN Yan,XU Fei,MIAO Qing

DOI: https://doi.org/10.3969/j.issn.1002-137X.2012.06.014

2012-01-01

Computer Science

Abstract:As the large-scale distributed system plays an increasingly important role in such fields of national security,critical infrastructure and social life,its vulnerability analysis has become a growing focus nowadays.Regarding it as a vulnerability analysis object,a multi-layer model for large-scale distributed system was put forward first,and then a multi-dimension vulnerability analysis framework was proposed,which provided an overview of vulnerability analysis research area and method in three aspects,including vulnerability analysis phase,lifecycle process and taxonomy of vulnera-bility.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Meng Sun,Qi Wang,Jue He,Huailin Huang,Yu Huang,Xiaojie Shen,Yaohui Xiao,Suchun Fan

DOI: https://doi.org/10.1088/1742-6596/2290/1/012036

2022-01-01

Journal of Physics Conference Series

Abstract:Abstract Power system network is an important guarantee for the smooth operation of power enterprises. Considering the current automatic network vulnerability scanning method of power system, the detection rate of network vulnerability scanning is low due to its poor scheduling ability. Therefore, this paper designs a new automatic scanning method for network vulnerabilities in power system. According to the infrastructure of power system network vulnerability scanner, the power system web page interaction behavior recognition model is constructed to complete the power system web page interaction behavior recognition. On this basis, the power system network scanning scheduling algorithm is designed. Combined with genetic algorithm, the variation process of power system network vulnerabilities is determined, the power system network security situation is determined, the power system network scanning scheduling and vulnerability mining are realized, and the design of power system network leakage automatic scanning method is completed. The experimental link is constructed to verify this method. The verification shows that this method can effectively improve the detection rate of network vulnerability scanning and the efficiency of vulnerability scanning to a certain extent.

Jin He,Boxiang Shang,Yan Li,Bo Yin

DOI: https://doi.org/10.1088/1742-6596/1550/3/032057

2020-05-01

Journal of Physics: Conference Series

Abstract:Abstract With the promotion of the ubiquitous power IoT strategy, as well as the extensive application of advanced information communication technology and Internet + in the power grid, the power system has gradually broken the previous closure and exclusivity. The construction and deployment of open, interactive, extensive and interconnected power web business system are becoming more and more widespread. The inherent vulnerability and hidden danger of power web system make power face the risk transfer from network and information security to power system. Aiming at the potential security problems of vulnerability in the massive power web system, an in-depth study is made on the automatic mining and utilization technology of the vulnerability in the power web system. By carrying out researches on the framework design of automatic mining and utilization of vulnerabilities in power web system and the intelligent new mode of exploiting vulnerabilities in power web system, the overall design is made for the mechanism and model of automatic mining of asset vulnerabilities in power information system.

Huahui Lv,Zhe Ming,Aidong Xu,Hang Yang

DOI: https://doi.org/10.1109/CISCE.2019.00100

2019-07-05

Abstract:Social development has driven the rapid development of computer technology and networks and computers and networks have become "universal" from "rare". But the security instability that followed has also become a major problem in testing individuals and society. Therefore, in the fast and stable establishment of the computer system, how to improve the computer security defense capability has become a difficult problem that we urgently need to study and explore. This paper first analyzes the basic concepts of information security, refines related issues and puts forward suggestions on how to prevent and measure methods based on actual conditions, hoping to help the governance business.

Computer Science

Liwei Wang,Robert Abbas,Fahad M. Almansour,Gurjot Singh Gaba,Roobaea Alroobaea,Mehedi Masud

DOI: https://doi.org/10.1515/jisys-2020-0145

2021-01-01

Journal of Intelligent Systems

Abstract:Abstract With the advancement of internet and the emergence of network globalization, security has always been a major concern. During the trial operation, the management control platform discussed in this article included more than 600 network security vulnerabilities in the industry, with dozens of incidents, which were promptly dealt with and rectified, effectively improving the level of network security management and protection in the industry. As networks are very much vulnerable to denial of service attacks, much more emphasis has been given to security. By improving their network security, network administrators have often tried their best. To attempt penetration testing, it is the best way of ensuring the system security. With the development of information technology, the security requirement of information system is increasing day by day. The use of penetration testing technology is conducive to the realization of accurate positioning, accurate detection, and active alarm of security vulnerabilities, and the optimization of monitoring and rectification of the combination of network security management control system. Taking penetration testing technology as one of the core elements of management and control, the risk index model is optimized to make network security management controllable and efficient, and effectively achieve management and control objectives.

Shuyuan Jin,Yong Wang,Xiang Cui,Xiaochun Yun

DOI: https://doi.org/10.1109/icsmc.2009.5345951

2009-01-01

Abstract:Classification of network vulnerability is critical to detection and risk analysis of network vulnerability. A broad range of classification methods have been proposed in literature. This paper reviews a total of 25 selected approaches and identifies the differences and relations among them. It also points out some open issues for research in this field.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.