|
Security analysis and evaluation of representational state transfer based on attack graph
ZHANG Youjie, ZHANG Qingping, WU wei, SHI Zhe
Journal of Computer Applications
2018, 38 (6):
1653-1657.
DOI: 10.11772/j.issn.1001-9081.2017112756
The security mechanism of REpresentational State Transfer (REST) architecture is not perfect. In order to solve the problem, the security analysis and evaluation of REST architecture based on attack graph was proposed, and the security quantitative evaluation of REST architecture was realized by using attack graph. Firstly, the possible attack of REST architecture was predicted, the REST architecture attack graph model was constructed accordingly, and the attack probability parameter and attack realization parameter were calculated. Then, according to the attack state and attack behavior of attack graph, the security protection measures were proposed. In view of the above, the REST architecture attack graph model was reconstructed, and the attack probability parameter and attack realization parameter were recalculated too. By comparison, after the adoption of security protection measures, the attack possibility parameter has been reduced to about 1/10, and the attack realization parameter has been reduced to about 1/86. The comparison results show that the constructed attack graph can effectively and quantitatively evaluate the security performance of REST architecture.
Reference |
Related Articles |
Metrics
|
|