Research On The Issues Of Information System Security Architecture For Information Operation

Information security is an important issue in the area of information systems, especially in the face of Information Operation (IO). Architecture provides a methodology for understanding and managing complex systems. Security architecture is a base framework for building secure information systems and an important guideline for leading security development. The research on information systems security architecture (ISSA) will help to hold the top-level design for information system security according to the relationship between the whole and its parts, and to play a role of dominating and constraining the secure development of information systems. This dissertation gives an in-depth study on some problems about ISSA theory and technology facing IO based on summarizing the previous studies and practices. The main contents are as follows: survey on the previous study of information security and security architecture; analysis of the constructing of ISSA; modeling and application of security impact analysis model for security requirement; modeling and application of system security architecture model based on information domain; modeling and application of system role based access control model; modeling and application of system security management model based on policy and agent. The following research results are achieved. (1) The current research status of ISSA theory and technology is surveyed, the problems existing in the current research are analyzed, and some important issues are proposed to further study. (2) A three-dimensional analysis model for constructing ISSA is presented. The security elements, security views and security processes related to the development of ISSA are showed and analyzed. And the types of models oriented to security views of different application lays and the specification methods for the models based on UML are also addressed. (3) Some operational information types, information systems, information functions and their activity processes are analyzed and described in the face of IO. A mathematical model is constructed to obtain impact factors of information security using threat factor and sensitivity factor, based on the hierarchy-class-relations between information security threats, operational information types, information security attributions and operation attributions. After that, the framework for security services for security requirements is described using the expanded UML Use Case, and the rule for determining the level of security services according to the level of impact is proposed. (4) The formal description of information domain is given based on its concept. The establishment of information domains and the description of the information domain security policy are investigated for operational environment and system architecture. The function, members, information objects and the relationship between information domains of the four types of information domains including intelligence processing domain, information sharing domain, commanding decision domain and information feedback domain are presented and analyzed. The system security architecture model is suggested based on all the information domain security policies, and the application of the model in the phase of information assurance is analyzed. (5) After comparing the features of three sorts of access control policy including DAC, MAC and RBAC, the specific requirements of access control of information systems for IO are investigated, and the extension to RBAC model considering information domain is proposed. The constraints to the elements such as users, roles and permissions, and to the relations for extended RBAC model are fortified, and the constraint conditions are analyzed with the formalization of definition. The formal definitions and description of roles, permissions,classifications on inheritance between roles and authorization activity for system access control are presented. (6) The limitations of policy based security management and the reasons for introducing agent technology into security management are analyzed. Then, the idea of agent-policy based security management is advised. Furthermore, the structure models of agent-policy based security management and all types of agents are constructed. And the application of policy-agent based security management model in the information system network for IO is discussed, where the distributed control and centralized control coexist. (7) Some issues on ISSA for future work are suggested.