Institutional Repository of the Institute of Software, Chinese Academy of Sciences
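Title:
An Object-Oriented Security Evaluation Method and the Construction of Several Technical Evaluation Indicators
Author: 李小满
Defense date: 2004
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctorate
Keywords: network security evaluation; object-oriented security feature description; OOSD model; OOSD method; indicators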
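Abstract: This thesis proposes a novel security evaluation method: the object-oriented security evaluation method. Because current evaluation theory is lacking, a considerable share of security evaluations in practice are non-standard, arbitrary, and inefficient. Organizations need standardized evaluation methods to guide this work. Based on the Object-Oriented Security Description (OOSD) model, the author presents a standardized, open, and clear framework for security evaluation. To describe the state of an information system more accurately, the author proposes a set of related evaluation indicators. The method mainly targets information systems with strict access control requirements. It is a rapid evaluation method that emphasizes technical analysis and focuses on intrusion prevention. It describes assets more clearly and establishes asset maintenance documentation, makes the evaluation cycle more flexible, makes evaluation tasks easier to decompose and carry out, makes subsystem evaluation components easier to reuse, makes the evaluation process more open, and can guide the design of automated evaluation software. Most of the methods proposed in the thesis are very easy to implement as software, so these evaluation strategies can run automatically. For managing information systems, especially large ones, such automated evaluation software is bound to be of great significance. The thesis has five chapters. Chapter 1 introduces the importance of security evaluation and outlines related research. Chapter 2 introduces the current state of evaluation science, mainly the relevant standards, specifications, and methodologies. Chapter 3 presents the object-oriented security evaluation method. As a supplement to that method, Chapter 4 builds an indicator system to support its practical application. Chapter 5 summarizes the thesis and offers an outlook on future work.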
English abstract: This paper presents a novel approach to the security evaluation of information systems: the OOSD approach. Owing to the absence of evaluation theory, most security evaluation in practice is informal, random, and inefficient. Organizations need standards to regulate their evaluation of huge information systems and networks. Based on the model of Object Oriented Security Description (OOSD), the author gives a formal, open and clear framework for security evaluation. In order to describe the security of an information system more accurately, the author gives a set of related guidelines. The approach is mainly for information systems that need strong access control. It is a quick-operating approach that lays particular stress on technical analysis and intrusion protection. With the approach, people can describe assets and build maintenance documents more clearly, run evaluation projects with more flexible periods, decompose tasks and reuse sub-processes more easily, and have a more open framework for cooperation. The approach also provides direction for the design of automated evaluation software. Most of the methods provided by the paper are easy to integrate into evaluation software and can work automatically. It must be significant for information system management, especially for huge information systems. This paper consists of five chapters. The first chapter introduces the importance of security evaluation and summarizes related research. The second chapter introduces the current theory of security evaluation. The third chapter presents the OOSD approach. In the fourth chapter, the author builds a set of guidelines to assist application of the approach. The fifth chapter summarizes the paper and indicates future work.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/7592
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/ File Size Content Type Version Access License
LW014054.pdf (2599KB) -- -- Restricted access -- Contact to obtain the full text

Recommended Citation:
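李小满. An Object-Oriented Security Evaluation Method and the Construction of Several Technical Evaluation Indicators [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2004-01-01.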
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.