
Research On The Method Of Partition Of Security Domain Based On PPDRR And GRL Model

Posted on: 2008-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: P Ai
GTID: 2178360242971540
Subject: Computer software and theory

Abstract/Summary:
As informatization in our country steadily advances, most of its industries rely more and more on information systems. At the same time, because of the technical fragility of networks and many management risks, a lot of information system security problems have appeared. How to keep information systems secure is therefore the most important point in the task of information security. Hierarchical protection is the fundamental task of information security, and it is one of the important means of improving the construction of the information security assurance system. The aim of hierarchical protection of information security is to advance our national informatization, to support the construction of the assurance system, and to enhance the defensive ability of information systems. However, research on hierarchical protection in our country is a new field, so there is little research on the reference index and method of security domain partition. Under these circumstances, I want to apply myself to research on the reference index and method of security domain partition. I hope this work can support the development of hierarchical protection of information security in our country.

In this paper, I first expounded the function of security domain partition in the task of hierarchical protection of information security. Then, in order to study the reference index and method of security domain partition based on the similarity of security requirements, I analyzed and summarized the security requirements of information systems based on the PPDRR model. At the same time, I introduced the security measures related to each security requirement. To analyze the security requirements of information systems in detail, I used goal-oriented requirement analysis to analyze the security requirements hierarchically, and then I constructed the security requirement model of the information system using the GRL modeling language.

Based on the results of the security requirement analysis, I analyzed and constructed the reference index for security domain partition from the viewpoint of the similarity of security requirements. Based on the same results, I also designed a method of security domain partition from the viewpoint of the similarity of security requirements. Thereafter, I presented a case of partitioning the security domains of an e-government system. Using this case, I validated the correctness of the security requirement model and of the reference index for security domain partition, and I also validated the validity of the partition method.

Finally, targeting the three important holes in the above case, I carried out network security experiments to simulate the scenario in which these holes had been used by hackers. Through these experiments, I confirmed that these holes really exist in the above case, and I used the experiments to illustrate the need for security domain partition and the related security measures. According to the results of these experiments, I also validated the rationality of the security requirements of the related subsystems.

This paper is one of the achievements of the Risk Assessment Project of the Information System of Each Department of Chongqing City Government launched by Chongqing Information Industry Bureau.
Keywords/Search Tags:Hierarchical Protection, Security Domain, Security Requirement, PPDRR, GRL