黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

YU Zhi-wei,TANG Ren-zhong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.11.026

2007-01-01

Abstract:In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the need,permit,can security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

YANG Hualin,GUO Tao,TONG Shuiguang

DOI: https://doi.org/10.3969/j.issn.1001-3881.2006.02.081

2006-01-01

Abstract:For the greater request of PDMS's security,static and dynamic data security model was presented,which realizes full-scale and partial security management pattern and the strict control of the database.For the new object,gene heredity based property inheritance model was given to speedup the course of security management.For the security of the net,cipher and digital signature were used to insure the integrality and secrecy during the data transmission.The PDMS's security was controlled roundly.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Y Hu,XR Xie,YZ Xin

DOI: https://doi.org/10.1109/pes.2004.1372957

2005-01-01

Abstract:This paper presents a modeling language and a quantitative evaluation approach for the security of power information systems. We firstly design a security architecture design trace language to universally describe system structures, services, security policies, attack behaviors and countermeasures. Next an automated risk analysis algorithm is proposed to get attack traces of power information systems. Then, based on the concept of relative security degree, security architecture can be quantitatively evaluated. Finally, with a case study in a real power information system, the effectiveness of the presented approach is demonstrated. In practice, the approach can be employed for assessing various kinds of countermeasures, such as increasing a new security function, adjusting system self structure, and changing customer operation requirements. And it can greatly decrease the subjectivity of counter-measure selection.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

HU Yan,XIE Xiao-rong,XIN Yao-zhong

DOI: https://doi.org/10.3321/j.issn:1000-3673.2006.02.002

2006-01-01

Abstract:At present there are not quantitative security architecture design methods and computer-aided design tools for power information system. The authors propose a pattern based quantitative security architecture design method, in which the aggressive behavior and safeguard are modeled by aggressive pattern and safeguard pattern respectively and the quantitative indices to select several safeguards are strictly defined with set theory. The advantages of the proposed method over the traditional risk management method are demonstrated in detail in security policy, system modeling, attack modeling, safeguard modeling, risk measurement, risk analysis and selection of safeguards. In order to decrease the cost of security architecture design and implement computer-aided design tools, the security architecture design process is further abstracted into a mathematical model of 0-1-integer programming.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Guoning Lv,Min Gao,Xiaoyu Ji

DOI: https://doi.org/10.1007/978-3-319-42291-6_60

2016-01-01

Abstract:Nowadays the logistics system has become an indispensable element for economic commerce activities, while information security is an important foundation in ensuring the development of electronic commerce logistics system. The purpose of this paper is to investigate the role of information security in electronic commerce logistics system. In that regard, an information security model is developed to protect the electronic commerce logistics system.

Jian Yao

DOI: https://doi.org/10.1155/2022/4380037

IF: 1.968

2022-10-12

Security and Communication Networks

Abstract:At present, the level of modernization and informatization is constantly improving, especially in rapidly developing China. A large amount of information is collected every second, forming a huge database and making people live in the "big data era." Following cloud computing and the Internet of things, big data technology has become another revolutionary change in the global society, changing global development and becoming a new development point for technological innovation, industrial policy, and national information security. Big data in the new age poses new challenges and perspectives for the nation's infosec development. Big data is a renewed tool for state security. Nations use big data to create state infosec, offering great facilitation, potential for adoption, and business value. This is a "new blue ocean" for competition among countries. Although big data brings convenience to public life, it also poses a serious threat to national information security. After the research and experiment of the model design of big data information security management of the Internet of things, the experimental data have shown that 86.67% set passwords in communication devices and storage devices. 66.67% installed firewalls, and 76.67% ran antivirus software. Compared with before, the total ratio of setting a password increased by 53.34% and the total ratio of installing a firewall and running antivirus software both increased by 26.67%. It can be seen from the above data that the protection of big data information under the Internet of things has been significantly improved. From the above data, through the big data information security management of the Internet of things, a new development direction is proposed for the development of information security.

computer science, information systems,telecommunications

Oluwasefunmi 'Tale Arogundade,Olusola J. Adeniran,Zhi Jin,Xiaoguang Yang

DOI: https://doi.org/10.4018/ijsse.2016070101

2016-01-01

International Journal of Secure Software Engineering

Abstract:Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System IS, hereafter, there is need to build risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present analyzer model and architecture, an agent-based risk analysis system ARAS which gathers identified threats events, probe them and correlates those using ontologies. It explores both quantitative and qualitative risk analysis techniques using real events data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach a case study on e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, protégé OWL to create the ontology and ORACLE 11g SQL developer for the database. Optimistic results were obtained.

Huahui Lv,Zhe Ming,Aidong Xu,Hang Yang

DOI: https://doi.org/10.1109/CISCE.2019.00100

2019-07-05

Abstract:Social development has driven the rapid development of computer technology and networks and computers and networks have become "universal" from "rare". But the security instability that followed has also become a major problem in testing individuals and society. Therefore, in the fast and stable establishment of the computer system, how to improve the computer security defense capability has become a difficult problem that we urgently need to study and explore. This paper first analyzes the basic concepts of information security, refines related issues and puts forward suggestions on how to prevent and measure methods based on actual conditions, hoping to help the governance business.

Computer Science

Ennan Zhai,Qingni Shen,Yonggang Wang,Tao Yang,Liping Ding,Sihan Qing

DOI: https://doi.org/10.1007/978-3-642-20291-9_38

2011-01-01

Abstract:Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use: on the other hand, usable integrity protection models can only provide limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems. SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threat, IPC communication threat and contaminative file threat. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages the information of existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed the prototype system of SecGuard based on Linux Security Modules framework (LSM), and evaluated the security and practicability of SecGuard.

Dong-hui HU,Xue-hai ZHOU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.04.001

2005-01-01

Abstract:Security model, which guides the construction and evaluation of security system, is the representation of security policies. Several security models are first reviewed and analyzed on the basis of the introduction to the concepts of basic model, classical model and multi-policy model. Some of those are compared emphatically. The paper is concluded with the future research on security model.

N. Limanova,A. Anashkin

DOI: https://doi.org/10.33619/2414-2948/87/27

2023-02-15

Bulletin of Science and Practice

Abstract:The relevance of the work lies in the fact that the pace of development of the field of information security does not correspond to progress in the development of data processing methods, resulting in a serious lack of practical knowledge of the subject area, which prevents the creation of conditions for secure recording, processing and storage of data. In the process of writing the article, modern methods and principles of ensuring information security, including a mandatory approach, were studied, and a brief description of software products supporting this approach was given. The mandatory method of information protection implies granting access rights to certain actions in accordance with the user’s status. Such actions can be, for example, writing, reading and changing data. Examples of user statuses are ‘administrator’ and ‘reader’, where the administrator, as a rule, is provided with the entire list of available actions, and the reader is provided with only a minimum, sufficient for familiarization activities. In its architecture, the mandatory approach often contains tools for conducting cluster analysis. Cluster analysis can be used both to carry out work on risk analysis and assessment, and to determine the degree of protection of an object. In any case, when building a cluster, it should be taken into account that some levels of protection may be represented by more objects than others. There are software products on the information security market that allow the use of a mandatory method of ensuring information security. One of the striking examples is the PostgreSQL database management system, which has an apparatus of labels assigned according to the user’s level of rights: the higher the level of rights, the higher the access level.

Thamer Alhussain,Ahmad Ali AlZubi,Osama AlFarraj,Salem Alkhalaf,Musab S. Alkhalaf

DOI: https://doi.org/10.1007/978-3-030-44041-1_108

2020-01-01

Abstract:This article proposes an information security management system (ISMS) model for automated data processing systems of critical applications (ADPS-CAs). The model allows users to carry out an assessment of the risk level for information security (IS) purposes and provides support for decision-making related to countering unauthorized access to the information circulating in an ADPS-CA. Further, this article analyzes the effect of a control parameter on the probability of launching an information integrity monitoring service (IMS) during a procedure that launches a typical ADPS-CA and its IS subsystem. The results present system quality indicators for protecting information from unauthorized access. The simulation was performed in relation to automated workstations as part of the ADPS-CA of a large enterprise.