Ontology-based security assessment for software products

机译：基于本体的软件产品安全评估

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper proposes an ontology-based approach to analyzing and assessing the security posture for software products. It provides measurements of trust for a software product based on its security requirements and evidence of assurance, which are retrieved from an ontology built for vulnerability management. Our approach differentiates with the previous work in the following aspects: (1) It is a holistic approach emphasizing that the system assurance cannot be determined or explained by its component assurance alone. Instead, the software system as a whole determines its assurance level. (2) Our approach is based on widely accepted standards such as CVSS, CVE, CWE, CPE, and CAPEC. Our ontology integrated these standards seamlessly thus provides a solid foundation for security assessment. (3) Automated tools have been built to support our approach, delivering the environmental scores for software products.

机译：本文提出了一种基于本体的分析和评估软件产品安全姿势的方法。它根据其安全要求和保证证据提供了对软件产品的信任的测量，这些证据来自为漏洞管理而构建的本体中检索。我们的方法在以下几个方面与以前的工作区分开来源：（1）它是一种整体方法，强调无法通过其组分保证来确定或解释系统保证。相反，整个软件系统确定其保证水平。（2）我们的方法是基于广泛接受的标准，如CVSS，CVE，CWE，CPE和CAPEC。我们的本体学完全纳入了这些标准，为安全评估提供了坚实的基础。（3）建立了自动化工具以支持我们的方法，为软件产品提供环境分数。

著录项

来源
《5th annual workshop on cyber security and information intelligence research 2009》|2009年|P.1 - 4|共4页
会议地点
作者
Ju An Wang; Minzhe Guo; Hao Wang; Min Xia; Linfeng Zhou;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类信息处理（信息加工）;
关键词
environmental score; ontology; security metrics; software products; vulnerability analysis and management;

机译：环境评分;本体论;安全性指标;软件产品;漏洞分析与管理;

相似文献

外文文献
中文文献
专利

1. Ontology-based context-sensitive software security knowledge management modeling [J] . Mamdouh Alenezi International Journal of Electrical and Computer Engineering . 2020,第6期

机译：基于本体的上下文敏感软件安全知识管理建模
2. Development of Ontology-Based Software Security Learning System with Contextualized Learning Approach [J] . Shao-Fang Wen, Basel Katt Journal of Advances in Information Technology . 2019,第3期

机译：基于本体化学习方法的本体软件安全学习系统的开发
3. Vulnerability distribution scoring for software product security assessment [J] . Hassan Rasheed International journal of information and computer security . 2014,第3期

机译：软件产品安全评估的漏洞分布评分
4. Ontology-based Security Assessment for Software Products [C] . Ju An Wang, Minzhe Guo, Hao Wang, 5th annual workshop on cyber security and information intelligence research 2009 . 2009

机译：基于本体的软件产品安全评估
5. Adoption of Free and Open-Source Software Security Products by Security Professionals [D] . Marshall, Robert. 2021

机译：通过安全专业人士采用自由和开源软件安全产品
6. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks [O] . Shibo Luo, Mianxiong Dong, Kaoru Ota, 2015

机译：基于软件定义网络的移动网络的安全评估机制
7. Preliminary Evaluation of an Ontology-Based Contextualized Learning System for Software Security [O] . Shao-Fang Wen, Basel Katt 2019

机译：软件安全性基于本体语境化学习系统的初步评估
8. Development of a software security assessment instrument to reduce software security risk [R] . Gilliam, D. P., Kelly, J. C., Powell, J. D., 2001

机译：开发软件安全评估工具以降低软件安全风险

Ontology-based security assessment for software products

摘要

著录项

相似文献

相关主题

期刊订阅