• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学 ›› 2020, Vol. 42 ›› Issue (09): 1563-1571.

• 计算机网络与信息安全 • 上一篇    下一篇

国家电网边缘计算应用安全风险评估研究

郭昊1,2,何小芸1,2,孙学洁3 ,陈红松3,刘周斌4,颉靖5   

  1. (1.全球能源互联网研究院有限公司,北京 102209;2.信息网络安全国家电网重点实验室,北京 102209;

    3.北京科技大学计算机与通信工程学院,北京 100083;4.国网浙江省电力有限公司电力科学研究院,浙江 杭州 310014;

    5.国家工业信息安全发展研究中心国防电子所,北京 100040)
  • 收稿日期:2019-10-14 修回日期:2020-04-10 接受日期:2020-09-25 出版日期:2020-09-25 发布日期:2020-09-24
  • 基金资助:
    国家社会科学基金(18BGJ071)

Application security risk assessment  of state grid edge computing

GUO Hao1,2,HE Xiao-yun1,2,SUN Xue-jie3,CHEN Hong-song3,LIU Zhou-bin4,XIE Jing5   

  1. (1.Global Energy Interconnection Research Institute Co.,Ltd.,Beijing 102209;

    2.State Grid Key Laboratory of Information & Network Security,Beijing 102209;

    3.School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083;

    4.State Grid Zhejiang Province Electric Power Research Institute,Hangzhou 310014;

    5.Defense Electronics Institute,China Industrial Control System Cyber Emergency Response Team,Beijing 100040,China)
  • Received:2019-10-14 Revised:2020-04-10 Accepted:2020-09-25 Online:2020-09-25 Published:2020-09-24

摘要: 依据国家网络安全等级保护与风险评估系列标准以及电力信息系统特点,提出国家电网边缘计算应用安全的风险评估模型,然后采用漏洞扫描工具AWVS、AppScan分别对集成最新安全漏洞的开源Web应用靶机软件BWAPP进行安全漏洞评测与风险评估实验,再运用模糊层次分析法对Web应用安全进行综合安全评价。针对应用程序的安全检测实验结果整理安全评估数据,实现对国家电网边缘计算应用安全风险评估的实例化验证。

关键词: 边缘计算, 应用安全, 风险评估

Abstract: According to a series of the national cyber security level protection and risk assessment standards and the characteristics of electric power information systems, a risk assessment model for application security of state grid edge computing is proposed. Then, the vulnerability scanning tools AWVS and AppScan are used to target security vulnerability evaluation and risk assessment experiments on the open source web application target software BWAPP that integrates the latest security vulnerabilities. Finally, the fuzzy analytic hierarchy method is used to comprehensively evaluate the security of Web application security. Based on the test results of the application security, the security assessment data are compiled to realize the verification of the application security risk assessment of the state grid edge computing.


Key words: edge computing, application security, risk assessment