Design And Implementation Of Automatic Testing And Evaluation System For Classified Protection Of Information Security

In recent years,the information technology and network technology has developed rapidly,people's life has also been more and more affected.More and more information systems are used in many department like government and educational institutions.While enjoying the convenience brought by the information system,it is also threatened by the security of the information system.Therefore,China has formulated a series of policy standards for information security related to China's national conditions.These policy standards defined the classified protection of information system,and the testing and evaluation is a very important part of classified protection.Under the guidance of the standards,the evaluation work has been carried out rapidly throughout the country.However,testing and evaluation staff is the main part of testing and evaluation what caused a series of problems in the testing and evaluation work.First,for example,the system is huge and complex,and the number of equipment is too many,the time of manual evaluation is too long and the efficiency of evaluation is low.Second,there is a great difference in personnel ability,so the result of the same point is different.Third,the possibility of error in manual evaluation is great,so the possibility of rework is also great.The appearance of evaluation tools provides a strong support for the work of evaluation staffs.At present,there are a wide variety of evaluation tools in the domestic and international markets,including vulnerability scanning tools,penetration test tools and project management tools.However,these tools are an auxiliary tool for evaluation staffs,and there is no tool that can replace some of tasks of manual evaluation.An automatic testing and evaluation system for classified protection of information security is designed in this dissertation according to the problem in manual evaluation.The system is based on the classified protection related standard.It can remote connect evaluation targets and evaluate automatically after entering the related information of network devices and servers.Then,evaluation report could be exported in a variety of file formats.Firstly,the development of information security standards and evaluation tools at in the domestic and international is analyzed and summarized,and the development tools and technologies used in this system are introduced.Secondly,the objective of the automatic evaluation system for classified protection of information security is defined.A detailed functional and non-functional requirement analysis is carried out according to the target,and the requirement points are carried out.Finally,the system is designed according to the system requirements,such as architecture,functional process,class structure and so on.Then the implementation is carried out according to the design,and the results are achieved.Python is used as the development language in the system,PyQt5 is used to develop the graphical interface,SQLite is used as the database management,and C/S architecture is used as the structure.The system is designed for evaluation staff to improve the efficiency and the accuracy.So the system has high practical value.