Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Bug repair method based on hierarchical bug threat assessment

A vulnerability repair, hierarchical technology, applied in the field of vulnerability threat assessment, can solve the problem of inability to classify vulnerabilities

Inactive Publication Date: 2011-01-19
GRADUATE SCHOOL OF THE CHINESE ACAD OF SCI GSCAS
View PDF2 Cites 42 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, it is the two different vulnerability threat assessment methods, qualitative and quantitative, that lead to the current vulnerability assessment "separate" situation; at the same time, the existing technologies combine all rating elements to directly obtain the final rating or score As a result, this non-hierarchical vulnerability assessment method cannot divide vulnerabilities into more detailed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Bug repair method based on hierarchical bug threat assessment
  • Bug repair method based on hierarchical bug threat assessment
  • Bug repair method based on hierarchical bug threat assessment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0059] The present invention includes two parts, qualitative rating and quantitative scoring. The two parts of the present invention will be further described in detail below referring to the accompanying drawings in combination with Table 1-Table 9 and the vulnerability with CVE number CVE-2008-4250. The vulnerability numbered CVE-2008-4250 describes a buffer overflow vulnerability in the Windows system when the server service receives a specially crafted RPC request. Remote attackers may use this vulnerability to execute arbitrary programs on the target.

[0060] Such as figure 2 As shown, the specific implementation process of the vulnerability qualitative rating method of the present invention for the CVE-2008-4250 vulnerability includes the following steps:

[0061] Step 201: Analyze the impact of vulnerabilities on confidentiality. Since this vulnerability can cause an attacker to execute arbitrary programs on the target, an attacker can read the entire data of the sys...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a bug repair method based on hierarchical bug threat assessment. The method comprises the following steps: (1) extracting a plurality of information security attributes of the target system, a bug to be tested, and required attack conditions for the bug in the utilized process; (2) attacking the bug, and recording the value of the required attack conditions for the bug in the utilized process and the degree of damage after the bug is successfully utilized; (3) obtaining the qualitative grade score of the bug according to the degree of damage; (4) obtaining the attack utilization score of the bug according to the value of the required attack conditions; (5) obtaining the quantitative grade score according to the attack utilization value and the qualitative grade score; (6) and after determining the bug processing sequence according to the quantitative grade score of the bug to be tested, and repairing the bug. The method combines the advantages of qualitative and quantitative bug assessment methods, and divides the bugs as detailed as possible on the basis of visually giving out the bug threat degree, thereby helping the user to repair a great deal of bugs.

Description

technical field [0001] The invention mainly belongs to the field of vulnerability threat assessment, and relates to a vulnerability repair method, in particular to a vulnerability repair method based on hierarchical vulnerability threat assessment. Background technique [0002] Vulnerabilities are defects that are intentionally or unintentionally generated in the process of requirements, design, implementation, configuration, and operation of computer information systems. These defects exist in various forms in various levels and links of computer information systems. , it will cause damage to the computer information system, thereby affecting the operation of normal services built on the computer information system. In recent years, most of the security threats such as computer viruses, worms, Trojan horses, and hacker attacks that have caused harm to my country's politics, economy, and society are malicious subjects who use loopholes to achieve the purpose of spreading, de...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/00G06F21/57
CPCG06F21/577
Inventor 张玉清刘奇旭付安民
Owner GRADUATE SCHOOL OF THE CHINESE ACAD OF SCI GSCAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com