P Manadhata,J M Wing.Measuring a Syste-m''s Attack Surface[OL].http://www.cs.cmu.edu/~wing/publications/tr04-102.pdf.
[2]
National Security Agency.Information Assur-ance Technical Framework Release 3.1[OL].http://www.iaff.net.
[3]
Michael Greenwald.Computer security is not a science (but it should be)[A].In Proceedings of the Large-Scale Network Security Workshop[C].Landsdowne,VA,March 2003:24-27.
[4]
GB/T 18336,信息技术安全性评估准则[S].
[5]
ISO 18045,Common Evaluation Methodology[S].
[6]
B Littlewood.Towards operational measures of computer security[J].Journal of Computer Security,1993,2(3):211-229.
[7]
E Jonsson,T Olovsson.A quantitative model of the security intrusion process based on attacker behavior[J].IEEE Transactions on Software Engineering,1997,23(4):235-245.
