Font Size: a A A

The Research On Information System Security Evaluation

Posted on:2004-08-18Degree:DoctorType:Dissertation
Country:ChinaCandidate:Q YanFull Text:PDF
GTID:1118360185463202Subject:Computer software and theory
Abstract/Summary:PDF Full Text Request
Information system security evaluation means the assessment of security protection abilities of the system with respect to a specific operational environment and mission. Although the researches about IT security evaluation standards have experienced more than 20 years, there are still many problems about information system security evaluation that deserve further researches.This paper addresses the problem of components composition security evaluation, establishes an adaptable and extensible security elements evaluation model and introduces the implementation of the evaluation tools for information system security.The main contributions of this paper are as follows:1) According to the effects of composition on the components themselves and the whole systems, the following concepts are introduced: composition independent security element, composition complementary security element and composition correlated security element.2) Dependency and correlation between components are defined. Based on the security analysis of access paths, a formal evaluation model of components composition security is presented. The model discriminates between different security elements during the evaluation process according to the system architecture and the relations between components.3) The approaches for the reevaluation of information system security are discussed based on the components composition security evaluation model.4) In accordance with security evaluation standards, the security elements which are difficult to measure directly are divided into measurable evidences. Meanwhile, taking account of characters of information system boundaries, computing environments, network and infrastructures, Factor-Criteria-Metrics-Evidence (FCME)...
Keywords/Search Tags:Security Evaluation, Security Element, Access Path, Factor-Criteria-Metrics-Evidence Model, Components Composition Security Evaluation Model
PDF Full Text Request
Related items