中国科学院软件研究所机构知识库
Subject: Computer Science (provided by Thomson Reuters)
Title: 一种给定脆弱性环境下的安全措施效用评估模型 (An effectiveness evaluation model for security measures under a given vulnerability set)
Alternative Title: Efficiency Evaluation Model of System Security Measures in the Given Vulnerabilities Set
Author: 吴迪 ; 冯登国 ; 连一峰 ; 陈恺
Keyword: Algorithms ; Decision making ; Efficiency ; Hierarchical systems ; Security of data
Source: 软件学报 (Journal of Software)
Issued Date: 2012
Volume: 23, Issue:7, Pages:1880-1898
Department: State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences; State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences; Key Laboratory of Information Network Security of the Ministry of Public Security (Third Research Institute of the Ministry of Public Security); National Engineering Research Center for Information Security Common Technology
Abstract: Evaluating the effectiveness of an information system's security measures is an important way to improve its security performance. Conventional evaluation methods do not consider the interaction and mutual influence of business data flow, attack flow and security-measure elements, so they cannot guarantee the validity of the evaluation process or of its results. This paper presents a method for evaluating the effectiveness of an information system's security measures under a given vulnerability set. Coloured Petri nets are used to model business data flow, attack flow and security measures in one uniform model and to simulate their interaction. On top of this model, an inter-node vulnerability exploitation graph generation algorithm and an improved Dijkstra algorithm identify all shortest attack paths that could compromise the system's security attributes; a hierarchical evaluation model then scores the effectiveness of the security measures, and a grey multi-attribute decision-making algorithm selects the optimal effectiveness-improvement alternative. The approach reduces the evaluation's dependence on evaluators' subjective experience and helps ensure that results are consistent and traceable. A case study on a real Web business system validates the correctness and effectiveness of the proposed model and method. © 2012 ISCAS.
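The abstract names two building blocks that are easy to make concrete: an exploitation graph generated from host reachability plus the vulnerabilities present on each host, and a shortest-path search over it whose cost change, after a security measure is applied, measures that measure's effectiveness. The following is an added illustration written for this page, not the paper's code; it uses plain textbook Dijkstra rather than the paper's improved variant, omits the coloured Petri net model entirely, and runs on a constructed four-host environment with hypothetical vulnerability identifiers and exploit costs. It does show the interaction effect the abstract alludes to: two measures that each raise the cheapest attack path by the same amount are not interchangeable, and their combination is worth more than either alone.

```python
"""Shortest attack paths over a vulnerability-exploitation graph, before and after
security measures. Illustrative example only; hosts, vulnerability IDs and costs are
constructed for this page and are not taken from the paper."""
import heapq
import math
from typing import Dict, List, Optional, Set, Tuple

# Network reachability: REACH[src] is the set of hosts that src can connect to.
REACH: Dict[str, Set[str]] = {
    "attacker": {"web"},
    "web": {"app", "db"},
    "app": {"db"},
    "db": set(),
}

# Vulnerabilities present on each host: (hypothetical vuln id, exploit cost).
# Lower cost means easier for the attacker; the values are made up for the example.
VULNS: Dict[str, List[Tuple[str, float]]] = {
    "web": [("V-web-rce", 2.0)],
    "app": [("V-app-deser", 3.0)],
    "db": [("V-db-authbypass", 1.0), ("V-db-sqli", 4.0)],
}

# Candidate security measures: vulnerabilities to patch and reachability edges to deny.
MEASURES = {
    "patch db auth bypass": {"patch": {"V-db-authbypass"}, "deny": set()},
    "segment web->db": {"patch": set(), "deny": {("web", "db")}},
    "both": {"patch": {"V-db-authbypass"}, "deny": {("web", "db")}},
}

Graph = Dict[str, List[Tuple[str, float, str]]]  # src -> [(dst, cost, vuln_id)]


def build_exploit_graph(reach, vulns) -> Graph:
    """Inter-node exploitation graph: an edge src->dst exists for every vulnerability on
    dst that src can reach over the network. Parallel edges (one per vuln) are kept."""
    graph: Graph = {}
    for src, dsts in reach.items():
        for dst in dsts:
            for vuln_id, cost in vulns.get(dst, []):
                graph.setdefault(src, []).append((dst, cost, vuln_id))
    return graph


def shortest_attack_path(graph: Graph, start: str, target: str
                         ) -> Optional[Tuple[float, List[Tuple[str, str]]]]:
    """Dijkstra from the attacker's foothold to the target asset. Returns
    (total cost, [(compromised host, vuln used), ...]) or None if unreachable."""
    dist = {start: 0.0}
    prev: Dict[str, Tuple[str, str]] = {}
    pq = [(0.0, start)]
    done: Set[str] = set()
    while pq:
        d, u = heapq.heappop(pq)
        if u in done:
            continue
        done.add(u)
        if u == target:
            break
        for v, w, vuln_id in graph.get(u, []):
            nd = d + w
            if nd < dist.get(v, math.inf):
                dist[v] = nd
                prev[v] = (u, vuln_id)
                heapq.heappush(pq, (nd, v))
    if target not in dist:
        return None
    path, node = [], target
    while node != start:  # walk predecessors back to the start
        node, vuln_id = prev[node][0], prev[node][1]
        path.append((node if False else path and None or None, vuln_id)) if False else None
        path.append((target if not path and node == prev.get(target, (None,))[0] else None, vuln_id)) if False else None
        break
    # simpler, correct reconstruction
    path, node = [], target
    while node != start:
        p, vuln_id = prev[node]
        path.append((node, vuln_id))
        node = p
    path.reverse()
    return dist[target], path


def apply_measure(reach, vulns, measure):
    """Return a copy of the environment with the measure's patches and denies applied."""
    new_reach = {s: {d for d in ds if (s, d) not in measure["deny"]} for s, ds in reach.items()}
    new_vulns = {h: [(vid, c) for vid, c in vs if vid not in measure["patch"]]
                 for h, vs in vulns.items()}
    return new_reach, new_vulns


def evaluate_measures(reach, vulns, measures, start, target) -> Dict[str, float]:
    """Shortest attack cost to the target for the baseline and after each measure;
    math.inf means the asset is no longer reachable through the given vulnerability set."""
    def cost(r, v):
        res = shortest_attack_path(build_exploit_graph(r, v), start, target)
        return math.inf if res is None else res[0]

    results = {"baseline": cost(reach, vulns)}
    for name, measure in measures.items():
        results[name] = cost(*apply_measure(reach, vulns, measure))
    return results


if __name__ == "__main__":
    for name, c in evaluate_measures(REACH, VULNS, MEASURES, "attacker", "db").items():
        print(f"{name}: shortest attack cost = {c}")
```

The effectiveness of a measure is read off as the increase over the baseline cost (3.0 here). Patching the database auth bypass and segmenting web from db each raise the cheapest path to 6.0, but they do so by removing different edges, so applying both yields 9.0; ranking measures one at a time would miss that.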
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/14621
Appears in Collections: State Key Laboratory of Information Security_Journal Articles

Files in This Item:
File Name / File Size / Content Type / Version / Access / License
一种给定脆弱性环境下的安全措施效用评估模型.pdf (2153 KB), restricted access; contact the repository to obtain the full text.

Recommended Citation:
吴迪, 冯登国, 连一峰, et al. 一种给定脆弱性环境下的安全措施效用评估模型 [J]. 软件学报, 2012, 23(7): 1880-1898.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2022  中国科学院软件研究所 - Feedback