| The security of the information system is the technical and administrant security methods that are built and adopted for the information processing system. They are taken to protect the hardware, the software and the data in the computer system, and to prevent the system or information from being destroyed, being changed and being revealed by chance or by design. The reasons that make1information lose its security very variously. There are not only the reasons of the lack of stability and reliability, but also the reasons due to the errors occurred during the operating. But above all, the greatest influences to the system are man-made attack and destruction, for examples, unauthorized saving and loading, destruction on purpose and computer virus, etc.The object of research of the security of the information is whole system. It includes not only single or separate element in the system, but also all elements or components that will be as an organic whole in the system. In the course of long research of the security of the information, the two important concepts, that were subject and object, were refined. According to control and restrict the power that subject can visit object, it caught our point to protect object. That consisted of the thesis of controlling of saving and loading. Because of putting forward the two concepts, the research of controlling of saving and loading that is the most important contents of computer security was be abstract. Its results make us use some models. A series of safe models have been developed in the research of controlling of saving and loading. It guided the research of computer safety and confidence to develop in theory and practice. To the primary aim of building information system, the research of security and the building of information system are both important and imminence.From the point of view of the security of the information, the following advices must be assured, for short CIRA.(1) Confidentiality. It means unauthorized visiting will be banned;(2) Integrity. It means information will not be amended, not be destroyed, not be lost in the course of saving and transmission;( 3 ) Reliability. It means the dependent degree of integrality of information;(4) Availability. It means whether can save needed information when be needed.The security of the information system can use 4A to weigh from some measures of assuring the security of the information or methods: Authentication. It checks users identity before users gain the resource of information and visiting to assure users themselves be legal; Authorization. It authorizes different users to make users legally visit distinct . information and system resource;Accountability. It checks, traces, and records all security affairs. That is main domain of business controlling. It offers evidences of security affairs of information system;Assurance. Its effect is that security strategy and information can be fully, truly understood and explained and the information resource can not be destroyed and lost in accident or disaster.For achieving the goal of security system, there are strategy and duty that need be sustained. The strategy has two requires:A clear, full security strategy must be defined for system and system will operate on the basis of the security strategy;Correlative controlling label of saving and loading must be assigned all objects in the system.To providing an independent of software and high administrative levels concept models is the aim of discussing security models. All security models reflect correlative security strategy. Security models may make us exactly hold security requires that were put forward by us and fill up leaks. So it is small enough and it must get rid of irrespective contents in the system. So formalization description, realization and validation of security models are feasibility.Relative to the other computer systems, database system has many characters like excessive object, lonp eriod of data existing,...
|
PDF Full Text Request