KR102727046B1 - Object-oriented web security framework analysis and design system - Google Patents

Abstract

The present invention is characterized by including a computing device provided with a display unit for displaying a security analysis and design platform screen that provides analysis of an existing web page and a security solution, and a user input unit for user input, in an object-oriented web security framework analysis and design system.

Description

{Object-oriented web security framework analysis and design system}

The present invention relates to an object-oriented web security framework analysis and design system, and more specifically, to an object-oriented web security framework analysis and design system which generates modeling data that models the structure and operation of encryption and authentication for a plurality of object data in UML in response to the security requirements of a web page, and designs an interface that enables independent function classification of each of a plurality of objects into a microservice architecture based on the modeling data.

Traditional web security framework analysis systems have mainly relied on static security policies and fragmented analysis techniques, and most of them are focused on a single application or specific security threats, and have had limitations in comprehensively addressing complex web environments and diverse security requirements.

In addition, it was difficult to respond quickly to changing security threats and the development of new technologies, and in many cases, it did not sufficiently reflect user-tailored security requirements. These problems reduced the efficiency and applicability of the security framework and left security vulnerabilities in web applications.

The present invention is intended to solve the above-described problems, overcome the limitations of traditional security frameworks, and provide an integrated security solution capable of responding to various security threats that may occur in a complex web environment.

The object-oriented web security framework analysis and design system can effectively identify and satisfy customized security requirements, enable rapid security threat response and continuous security management, thereby improving the overall security level of web applications and effectively reducing security vulnerabilities.

According to one embodiment of the present invention, an object-oriented web security framework analysis and design system comprises a computing device provided with a display unit for displaying a security analysis and design platform screen that provides analysis of an existing web page and a security solution; and a user input unit for user input.

The computing device and a server connected to the network include a communication unit; a storage unit; and a control unit; wherein the control unit, when receiving a user input for accessing the platform from the computing device, displays a first pop-up window requesting security identification information corresponding to the webpage on the display unit, and when receiving login information corresponding to the security identification information from the computing device, the control unit identifies security requirements of the webpage based on a plurality of object data for a plurality of objects constituting the webpage stored in advance, and the control unit generates modeling data that models the structure and operation for encryption and authentication of the plurality of object data in UML in response to the security requirements, and the control unit maps the plurality of object data included in the modeling data to a database for an actual plurality of objects, and sets access rights for each of the plurality of objects through a security framework, and the control unit designs an interface so that each of the plurality of objects can function independently as a microservice architecture by classifying the functions of each of the plurality of objects.

The control unit derives a security level for the access rights of each of the plurality of objects based on the following [Mathematical Formula 1], and if the security level does not reach a preset security level, displays a notification on the display unit to back up user information for the web page to a preset offline storage device.

[Mathematical Formula 1]

In the above [Mathematical Formula 1], S represents the security level, e represents a natural constant, x represents the user access frequency, y represents the complexity of the access policy, z represents the number of recent security incidents, w represents the system uptime, and v represents the number of currently applied security patches.

We provide an integrated security solution that overcomes the limitations of traditional security frameworks and responds to various security threats that may occur in complex web environments.

The object-oriented web security framework analysis and design system can effectively identify and satisfy user-tailored security requirements, enable rapid security threat response and continuous security management, and thereby improve the overall security level of web applications. It can provide an object-oriented web security framework analysis and design system that can effectively reduce security vulnerabilities.

FIG. 1 is a diagram schematically illustrating the configuration of an object-oriented web security framework analysis and design system according to one embodiment of the present invention.
FIG. 2 is a drawing illustrating a specific configuration of an object-oriented web security framework analysis and design system according to one embodiment of the present invention.
FIG. 3 is a diagram illustrating an algorithm by which an object-oriented web security framework analysis and design system according to one embodiment of the present invention operates.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, the same reference numbers or symbols refer to components that perform substantially the same functions, and the size of each component in the drawings may be exaggerated for clarity and convenience of explanation. However, the technical idea of the present invention and its core configuration and operation are not limited to the configuration or operation described in the following embodiments. In describing the present invention, if it is determined that a specific description of a known technology or configuration related to the present invention may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted.

In the embodiments of the present invention, terms including ordinal numbers such as first, second, etc. are used only for the purpose of distinguishing one component from another component, and singular expressions include plural expressions unless the context clearly indicates otherwise. In addition, in the embodiments of the present invention, terms such as 'configured', 'include', 'have', etc. should be understood as not excluding in advance the possibility of the existence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof. In addition, in the embodiments of the present invention, a 'module' or 'part' performs at least one function or operation, may be implemented as hardware or software, or may be implemented as a combination of hardware and software, and may be integrated into at least one module and implemented as at least one processor. In addition, in the embodiments of the present invention, at least one of a plurality of elements refers not only to all of the plurality of elements, but also to each one excluding the rest of the plurality of elements or all combinations thereof. Also, "configured to" can be used interchangeably with, for example, "suitable for," "having the capacity to," "designed to," "adapted to," "made to," or "capable of." "Configured to" does not necessarily mean only that something is "specifically designed to" in terms of hardware. Instead, in some contexts, the phrase "a device configured to" can mean that the device is "capable of" doing something in conjunction with other devices or components. For example, the phrase "a processor configured to perform A, B, and C" can mean a dedicated processor (e.g., an embedded processor) for performing the operations, or a generic-purpose processor (e.g., a CPU or application processor) that can perform the operations by executing one or more software programs stored in a memory device.

Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the drawings. This is intended to describe in detail enough to enable a person having ordinary knowledge in the technical field to which the present invention belongs to to easily carry out the invention, and it is to be understood that the technical idea and scope of the present invention are not limited thereby.

FIG. 1 is a diagram schematically illustrating the configuration of an object-oriented web security framework analysis and design system according to one embodiment of the present invention, FIG. 2 is a diagram specifically illustrating the configuration of an object-oriented web security framework analysis and design system according to one embodiment of the present invention, and FIG. 3 is a diagram illustrating an algorithm by which an object-oriented web security framework analysis and design system according to one embodiment of the present invention operates.

Referring to FIGS. 1 to 3, an object-oriented web security framework analysis and design system according to one embodiment of the present invention includes a computing device provided with a display unit for displaying a security analysis and design platform screen that provides analysis and security solutions for an existing web page and a user input unit for user input.

A computing device (100) according to one embodiment of the present invention includes, for example, a personal computer, a server computer, a handheld or laptop device, a mobile device (mobile phone, PDA, media player, etc.), a multiprocessor system, a consumer electronic device, a minicomputer, a mainframe computer, distributed computing including any of the aforementioned systems or devices, an edge computing environment in which data is processed at the edge where the data is generated rather than at a central server, and the like, but the configuration is not limited to what is described.

A computing device (100) may include at least one processor and memory. Here, the processor may include, for example, a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), etc., and may have multiple cores.

The memory may be volatile memory (e.g., RAM, etc.), nonvolatile memory (e.g., ROM, flash memory, etc.), or a combination thereof. Additionally, the computing device (100) may include additional storage. The storage may include, but is not limited to, magnetic storage, optical storage, etc. The storage may store computer-readable instructions for implementing one or more embodiments disclosed herein, and may also store other computer-readable instructions for implementing an operating system, application programs, etc. The computer-readable instructions stored in the storage may be loaded into the memory for execution by the processor.

In addition, the computing device (100) may include a user input unit (110) and an output device. The user input unit (110) may include, for example, a keyboard, a mouse, a pen, a voice input device, a touch input device, an infrared camera, a video input device, or any other input device. In addition, the output device may include, for example, one or more displays, speakers, a printer, or any other output device. In addition, the computing device may use an input device or an output device provided in another computing device as the user input unit (110) or the output device. In addition, the computing device may include a communication module that enables the computing device to communicate with another device. Here, the communication module may include a modem, a network interface card (NIC), an integrated network interface, a radio frequency transmitter/receiver, an infrared port, a USB connection, or other interface for connecting the computing device to another computing device. The communication module may include a wired connection or a wireless connection.

Each component of the computing device (100) may be connected by various interconnections such as buses (e.g., peripheral component interconnect (PCI), USB, firmware (IEEE 1394), optical bus structure, etc.) or may be connected by a network. Terms such as “component,” “system,” etc., used in this specification generally refer to a computer-related entity that is hardware, a combination of hardware and software, software, or software in execution.

A computing device (100) according to one embodiment of the present invention may include a display unit (120), and the display unit (120) may be implemented in various display methods, such as a liquid crystal, a plasma, a light-emitting diode, an organic light-emitting diode, a surface-conduction electron-emitter, a carbon nano-tube, a nano-crystral, etc. In the case of a liquid crystal method, the display unit (120) includes a liquid crystal display panel, a backlight unit that supplies light to the liquid crystal display panel, and a panel driver that drives the liquid crystal display panel. Meanwhile, the display unit (120) may be implemented with an OLED panel, which is a self-luminous element, without a backlight unit.

A web page according to one embodiment of the present invention includes one or more web resources published through the Internet and means a document or application that a user can access through a web browser. Such a web page is configured using various web standard technologies such as HTML, CSS, and JavaScript, and can display text, images, video, audio, and other multimedia content.

A web page according to the present invention is stored on a server, and when a user's web browser sends a request to the server, the server delivers the requested web page to the user. The web page may consist of a single page or may be part of a website consisting of multiple related pages.

Meanwhile, a web page according to one embodiment of the present invention provides information, interaction with users, and web-based services, thereby enabling users to search for desired information and use various online services.

A web page according to one embodiment of the present invention can be implemented with various forms of commands, and these commands can include HTML, CSS, JavaScript, and other scripting languages. The web page can also be dynamically generated using server-side scripting languages such as PHP, Python, and Ruby, and can perform complex tasks such as interacting with a database, processing user input, and dynamically updating content. In addition, the user experience can be improved by asynchronously communicating with a server using technologies such as AJAX, and updating only a part of the page. The implementation of the web page can be designed to ensure compatibility with various devices and browsers by complying with web standards and accessibility guidelines, and can be appropriately adjusted to various screen sizes and resolutions by applying responsive web design. In this way, the web page of the present invention can be implemented in various ways according to the needs and environments of the users, and thereby provides an efficient and effective web experience to the end users.

The security solution according to one embodiment of the present invention includes various technologies and methodologies designed to enhance the security of a website. Such security solutions are aimed at protecting data and systems constituting the website from unauthorized access, modification, destruction, or disclosure. The security solution may include a firewall, an intrusion detection system, anti-malware software, data encryption, SSL authentication, access control lists, session management, and a secure authentication method. In addition, a procedure for periodically checking and evaluating vulnerabilities of the website to identify and correct security vulnerabilities is also an important part. The security solution proposed in the present invention may include functions for setting up a web application firewall (WAF), protecting against attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), which are essential for improving the security level of the website and ensuring the safety of user data. The security solution of the present invention requires continuous updates and management, and must be continuously developed to respond to the latest security threats.

A security analysis and design platform according to one embodiment of the present invention refers to a platform used to identify, analyze, and design security requirements for websites and other computing systems, and to implement and manage related security solutions. The platform according to the present invention can be implemented to provide functions of security risk assessment, vulnerability scanning, threat modeling, security policy design, encryption strategy development, and security architecture design, thereby allowing a user to systematically evaluate the security status of a system through the platform, identify security vulnerabilities, and then design and apply appropriate security measures.

Meanwhile, the security analysis and design platform according to the present invention provides user-friendly interfaces such as a dashboard, a reporting tool, and a notification system to enable real-time monitoring and reporting of security status, and can also support the development of security policies and procedures and provide a response to specific requirements of an organization.

That is, the platform proposed in the present invention can be implemented to be continuously updated to respond to the latest security threats and to provide flexibility to integrate new security technologies and methodologies as technology advances.

An object-oriented web security framework analysis and design system according to one embodiment of the present invention includes a computing device and a server connected via a network.

Meanwhile, a server (200) according to one embodiment of the present invention includes a storage unit (220), a communication unit (210), and a control unit (230).

The communication unit (210) according to one embodiment of the present invention can communicate with the computing device (100) or other external electronic devices in a wired or wireless communication manner. Therefore, in addition to the connection unit including a connector or terminal for wired connection, it can also be implemented in various other communication methods. For example, it can be configured to perform one or more communications among Wi-Fi, Bluetooth, Zigbee, infrared communication, Radio Control, UWM (Ultra-Wide Band), Wireless USB, and NFC (Near Field Communication). The communication unit (210) can include a communication module such as BLE (Bluetooth Low Energy), SPP (Serial Port Profile), Wi-Fi Direct, infrared communication, Zigbee, and NFC (Near Field Communication). In addition, the communication unit (210) can be implemented in the form of a Device, S/W module, Circuit, Chip, etc.

The communication unit (210) according to one embodiment of the present invention may include the various communication modules described above, and may include an IoT communication module having an IoT network for each communication company. The IoT communication module may mean any IoT communication network in which a plurality of objects having separate communication units (210) are connected through a network to enable services based on various platforms. By using such an IoT communication module, a smoother communication network can be provided within a set area.

The storage unit (220) according to one embodiment of the present invention can receive information from the computing device (100) through the communication unit (210), or can receive and store the information, and can also receive and store information such as detailed items for managing the use of an application received by the control unit (230). The storage unit (220) can store various data according to the processing and control of the control unit (230) described below. The storage unit (220) can be accessed by the control unit (230) to perform reading, recording, modification, deletion, and updating of data. The storage unit (220) can include a nonvolatile memory such as a flash memory, a hard disk drive, a solid-state drive (SSD), etc. so as to preserve data regardless of whether system power is provided to the server (200). Additionally, the storage unit (220) may include volatile memory such as a buffer or RAM for temporarily loading data processed by the control unit (230).

The control unit (230) according to one embodiment of the present invention can perform control for the operation of various components of the server (200). The control unit (230) can include a control program (or instruction) that can perform such control operation, an inactive memory in which the control program is installed, a volatile memory in which at least a part of the installed control program is loaded, and at least one processor or CPU (Central Processing Unit) that executes the loaded control program. In addition, such a control program can be stored in other external electronic devices in addition to the server (200).

The control program may include program(s) implemented in the form of at least one of BIOS, device driver, operating system, firmware, platform, and application program (application). As an example, the application program may be installed or stored in advance in the server (200) when the server (200) is manufactured, or may be installed in the server (200) based on the received data by receiving the application program data from an external source at a later time of use. The application program data may be downloaded from an external server such as an application market, but is not limited thereto. Meanwhile, the control unit (230) may be implemented in the form of a device, a S/W module, a circuit, a chip, or a combination thereof.

According to one embodiment of the present invention, when a control unit receives a user input for accessing a platform from a computing device, the control unit can display a first pop-up window requesting security identification information corresponding to a web page on the display unit.

More specifically, according to one embodiment of the present invention, when a user attempts to log in to a specific web security platform via a computing device, the control unit detects this, and when the user clicks a login button or receives user input for entering authentication information, the control unit displays a first pop-up window on the user interface, wherein the first pop-up window requests the user to provide security identification information as an additional security measure for accessing the web page. For example, the security identification information may be the user's personal identification number (PIN), a security token, a password, biometric data, or other forms of authentication information similar thereto.

Meanwhile, the first pop-up window according to the present invention provides a form in which the user can safely input the corresponding information, and this operates as part of the security protocol related to the web page. When the user inputs and submits the required security information, the control unit performs a process of verifying this information. If the information matches exactly during the verification process, the control unit grants access to the web page requested by the user and redirects the user to the web page to which the access is granted or to the related security setting page. This process is important in ensuring the security of the user and the security of the web page, and plays a key role in protecting the system from unauthorized access.

According to one embodiment of the present invention, when a control unit receives login information corresponding to security identification information from a computing device, it can identify security requirements of a web page based on a plurality of object data for a plurality of objects constituting a previously stored web page.

More specifically, when a control unit according to one embodiment of the present invention receives login information matching security identification information input by a user, it performs a verification process by comparing the login information with information stored in an internal database or secure storage, and when the verification process is completed, the control unit then analyzes information related to the structure of a web page that the user is attempting to access.

In this process, the control unit analyzes information about multiple objects that make up the web page, which may include various elements that make up the web page, such as HTML elements, server-side scripts, client-side scripts, and database connection information. The control unit identifies the security requirements of the web page based on the object data of the security level assigned to each object, access permission settings, and vulnerability reports.

The process of identifying security requirements of a web page may include, for example, validation of input data, user authentication procedures, data encryption methods, and vulnerability protection mechanisms, and the control unit according to the present invention may be implemented to update a security policy related to the web page or apply new security measures according to the above-described security requirements.

A control unit according to one embodiment of the present invention can generate modeling data that models the structure and operation for encryption and authentication of multiple object data in UML in response to security requirements.

More specifically, the control unit according to one embodiment of the present invention identifies security requirements of a web page, and then visualizes security-related data structures and processes based on the security requirements using the Unified Modeling Language (UML). In this process, the control unit analyzes data on a plurality of objects constituting the web page, such as user authentication information, session management data, transaction data, etc., and expresses the relationships and interactions between them as UML diagrams.

In addition, the control unit according to the present invention can model encryption and authentication mechanisms. For example, a user authentication process can represent the interaction and data flow at each step using a sequence diagram, and with respect to data encryption, a class diagram can be used to represent objects including encryption keys, algorithms, related security protocols, etc., and the relationships between them.

A control unit according to one embodiment of the present invention can map a plurality of object data included in modeling data to a database for a plurality of actual objects, and set access rights for each of the plurality of objects through a security framework.

More specifically, the control unit according to one embodiment of the present invention performs the task of mapping a plurality of object data based on modeling data generated by UML to a database structure of an actual operating environment. In this process, each object data is converted into an actual table, field, relationship, etc. used in a web application. For example, an object containing user account information is connected to a user table of a database, and properties defined in the object are assigned to columns of the table.

Once this mapping process is complete, the control unit performs the task of setting access rights for each object. This is done using a security framework, and access rights are granted based on the sensitivity and importance of the object data, the user's role, and the level of authority. For example, data objects that require a high level of security may be set to be accessible only to administrators or users with specific authority, while objects containing general information may be set to have lower levels of access rights.

The control unit prevents unauthorized access to data through these access rights settings, strengthens the security of the system, and after the access rights for each object are set, when a user accesses the system and attempts to access data, the user's rights are verified, and operations such as viewing, modifying, and deleting data are permitted according to the set access rights. In this way, the control unit of the present invention can systematically manage the security architecture of a web application and effectively maintain the security level for each data object.

A control unit according to one embodiment of the present invention can design an interface to classify functions for each of a plurality of objects and allow each object to function independently in a microservice architecture.

More specifically, the control unit according to one embodiment of the present invention identifies and classifies a plurality of objects performing various functions within the system, and then performs a process of converting each of these into a microservice architecture capable of operating independently. In this process, the control unit analyzes the characteristics of the functions performed by each object and classifies them into different functional areas such as data processing, user interface management, authentication and security, logging and monitoring.

For each function classified in this way, the control unit designs an independent microservice. To this end, each microservice can be implemented to have an independent interface and environment that can perform its own data management, business logic processing, communication via API, etc. For example, a microservice responsible for user authentication includes the function of verifying the user's login information and managing the session, and a data processing microservice is responsible for interacting with the database and converting data.

The control unit designs mechanisms for each of these microservices to minimize inter-service dependencies while enabling inter-service communication when necessary, thereby allowing each microservice to be developed, deployed, and scaled independently, enhancing the flexibility of the system and minimizing the impact of changes or failures on other parts of the system.

As a result, the control unit configures each function as a microservice architecture to increase the modularity of the system, and designs interfaces and protocols that support the independent operation of each microservice, thereby improving the maintainability, scalability, and reusability of the system, and allowing each service to respond quickly to changing requirements and maintain the stability and security of the entire system.

A control unit according to one embodiment of the present invention can analyze design patterns composed of multiple objects arranged in a system. In this process, the control unit identifies the way objects interact, data flow, and processing procedures, and identifies which design patterns they follow. For example, the control unit analyzes how various design patterns such as MVC (Model-View-Controller), singleton, factory, and observer are implemented in the system.

Once the design pattern analysis is completed, the control unit designs the system architecture based on the analyzed patterns. At this time, the control unit can design the optimal architecture by considering the system requirements, performance goals, security requirements, etc.

For example, a microservice architecture can be adopted to improve the scalability and maintainability of the system, and for this purpose, service components separated for each function are designed, and after the architecture design is completed, the control unit arranges objects within the system according to the designed architecture, and in this process, the control unit adjusts the dependencies, communication paths, and data sharing methods between objects so that each object operates efficiently and the performance of the entire system is optimized. For example, a component that caches frequently used data can be introduced, or multiple worker objects can be arranged so that specific tasks can be processed in parallel.

Through this arrangement process, the control unit ensures that the objects within the system interact efficiently and that each object's function is maximized. In addition, the control unit monitors changes in the system and adjusts the arrangement of objects as needed to continuously maintain the performance and stability of the system. Through this, the control unit can continuously optimize the system's architecture and flexibly respond to system requirements and environmental changes.

A control unit according to one embodiment of the present invention derives a security level for access rights of each of a plurality of objects based on the following [Mathematical Formula 1], and, if the security level does not reach a preset level, can display a notification on the display unit to back up user information for a web page to a preset offline storage device.

[Mathematical Formula 1]

In the above [Mathematical Expression 1], S represents the security level, e represents a natural constant, x represents the user access frequency, y represents the complexity of the access policy, z represents the number of recent security incidents, w represents the system uptime, and v represents the number of currently applied security patches. More specifically, the exponential function used for x in [Mathematical Expression 1] represents the influence of the exponential increase in the user access frequency on the security level, the complexity of the access policy used for y represents the influence of the logarithmic scale on the security level, and z and w represent the influences of the recent security incident occurrence and the stability of the system on the security level.

More specifically, in [Mathematical Formula 1], the security level increases as the frequency of user access increases, reflecting the need for high security measures since frequently accessed systems may be exposed to higher security risks; the complexity of the system access policy is considered to be more effective in protecting the system; the security level decreases as the number of security incidents increases, indicating that the system is vulnerable, and in this case, the negative impact increases by a square to correct and reflect the influence on the security level; the system uptime, which is the length of time the system is stably operated, is taken into account, and the longer the uptime, the less the latest security updates or patches are applied, reflecting a decrease in the security level; and the number of security patches increases, reflecting an increase in the security level.

The control unit according to the present invention calculates the security level of each object using [Mathematical Formula 1], compares it with a preset security level standard, and if the calculated security level does not meet the preset standard, the control unit takes additional measures to safely protect user information related to the web page.

In a specific embodiment, the control unit displays a notification on the display unit to back up user information to an offline storage device for an object that has not reached a preset security level, thereby informing the user that important user information has been safely protected and backed up when the user next accesses the system, and allowing the user to take necessary security measures. For example, the user can receive this notification and take security measures such as changing a password, setting up multi-factor authentication, and updating personal information, and such procedures play an important role in strengthening the overall security of the system and ensuring the safety of user data.

100: Computing Device
110: User Input
120: Display section
200: Server
210: Communications Department
220: Storage
230: Control Unit

Claims (3)

In the analysis and design system of object-oriented web security framework,
A computing device having a display unit for displaying a security analysis and design platform screen that provides analysis and security solutions for web pages in operation; and a user input unit for user input;
Includes a server networked with the computing device,
The above server includes a communication unit; a storage unit; and a control unit;
When the control unit receives a user input from the computing device to access the platform, it displays a first pop-up window requesting security identification information corresponding to the web page on the display unit.
When the control unit receives login information corresponding to the security identification information from the computing device, it identifies the security requirements of the web page based on multiple object data for multiple objects constituting the previously stored web page.
The above control unit generates modeling data that models the structure and operation of encryption and authentication for the plurality of object data in UML in response to the above security requirements.
The above control unit maps multiple object data included in the above modeling data to a database for multiple actual objects, and sets access rights for each of the multiple objects through a security framework.
The above control unit designs an interface to classify the functions of each of the plurality of objects and to allow each to function independently as a microservice architecture.
The control unit derives a security level for the access rights of each of the plurality of objects based on the following [Mathematical Formula 1], and if the security level does not reach a preset security level, displays a notification on the display unit to back up user information for the web page to a preset offline storage device.

[Mathematical Formula 1]
An object-oriented web security framework analysis and design system characterized in that in the above [Mathematical Formula 1], S represents a security level, e represents a natural constant, x represents a user access frequency, y represents the complexity of an access policy, z represents the number of recent security incidents, w represents system uptime, and v represents the number of currently applied security patches. delete delete