Research On Classified Protection And Risk Assessment Process Model Based On Petri Net

As China continues to speed up its process of informationalization from every aspect, the national economy and social development become increasingly reliant on the fundamental information networks and critical information systems. Consequently, the issue of information security begins to draw more and more attention from IT professionals. As essential parts of Information Security Assurance, Classified Protection and Risk Assessment take a very important role in securing the safety and security of fundamental information systems. However, Classified Protection and Risk Assessment of the Information Security in China are only in their early stage of development. From 2007 year, under arrange of country, China will carry through Classified Protection and Risk Assessment to important information systems extensive.Our research should combine both to use their advantage. In this way, Information System Security Assurance can be improved effective.In this paper, author analyze the advantage and the disadvantage of basic Petri Net and Object-oriented technology,.and then the result is the Object-oriented Petri Net which has collected the advantage of basic Petri Net and Object-oriented technology is fit for Information Security Assurance process model. In order to define this Object-oriented Petri Net, anthor analyze the process of Information Security Assurance and the essential of Information Security Assurance is presented. Author takes Object-oriented into the Petri Net, match the essential of Information Security Assurance and Petri Net, and define an Object-oriented Petri Net. In the need of Information Security Assurance Process model, author expands the definition. In this base, author use the expanded Object-oriented Petri Net model the process of Classified Protection and Risk Assessment, which is provided by"E-Government Information Security Classified Protection Guide"and"Information Security Risk Assessment Guide". Author devide the process into several sub-processes, for example, system identification, asset identification, threat identification, which is described by Petri Net, and then a total Petri Net model is presented. In model validation and analysis, author use incidence matrix of invariant to analyze the model property, and the result is the model is bounded, safe and unlocked. And then, author discusses the relationship of Classified Protection and Risk Assessment. Base the Petri Net model result, author design and develop a Classified Protection and Risk Assessment assist evaluation system. This system has essential of Classified Protection and Risk Assessment, which achieves extremely good scalability, and we test the system by an evaluate case.