| The security evaluation and risk assessment of information system is one of the important research directions of information security field.Most of the existing information security standards are expressed in natural language.The evaluators refer to these safety standard documents for security assessment of the information system.Since different evaluators have different understanding of security standards,the assessment results of the same system can be biased even according to the same security standard.Therefore,the main propose of our research in this paper is how to use the formalized method to transform the security standards written in original natural language into the security specifications described in the logical language.Then,the computer will analysis and determine the assessment results,which is vital and of significance to improving the objectivity of security assessment process.This article presents an automatic safety assessment method based on our research on logic ALC and its reasoner FaCT++.In this article,we use Description Logic to build a formalized model of Classified Security Protection of Cyber Security.Then,we build another model of target system.Finally,the FaCT++ reasoner is used to processing and checking these formalized models to find the result of assessment.Besides,aimed at the actual situation of the security assessment,we propose an extension on the grammar level of ALC description logic,in order to solve the problem of the inadequacy when expressing domain.To implement the reasoning work of extended ALC,we customized the FaCT++ reasoner.Finally,this article verifies the above methods through an assessment example.After its results proved that the extended ALC logic can better meet the needs of security standard modeling,and the automated method of security assessment which based on the logic of security specifications is feasible. |
PDF Full Text Request