| The research of traditional information system’s security is based on the thinking of intrusion prevention or intrusion detection, and is mainly concerned with the precaution of intrusion events. Although a variety of advanced security measures can continue to improve the security of the system, it still can not prevent intrusion events from occurring for one hundred percent, and information system also faces many threats such as node failures, hardware and software errors, human errors, natural disasters or power outages.So we must began to pay more attention to the system’s capacity of providing services after the intrusion, which is called survivability. The main work of this paper is to make a research into the key technologies involved in the information system survivability analysis and to propose a complete set of information system survivability analysis methods which has a practical application, finally we verified the correctness of the theory of information system survivability analysis which is proposed in this paper before by real case. The main researches in this paper are as follows:First, we gived some basic concepts of survivability, and gived a brief introduction to the existing definition of survivability. Then we proposed three specifications of survivability, according the PDRR model, and gived a description model of the information system survivability, namely using a quintuple to describe information system’s survivability.Second, we researched the entire process of information system survivability analysis. We first proposed a hierarchical model of survivability analysis, which transformming the information system survivability analysis from a simple analysis of probability of system state transition to layer-by-layer analysis of events, atomic task, fault scenario and essential service; Then we improved the SNA analytical framework and proposed a new framework for information system survivability analysis, which elaborating on the key steps of the.information system survivability analysis; Finally, in allusion to the core issue of this paper, we gived detailed discuss,and proposed hierarchical quantitative analysis model, which each index is calculating each specification of information system’s survivability;Third, according to the analysis of information system survivability in chapter3, referring to the entire progress of survivability analysis, analyse an instance’s survivability. Through the analysis of the instance, we can verify the correctness of the theory of information system survivability analysis which is proposed in this paper for a further step. |
PDF Full Text Request