黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

zhu jianxin,yang xiaohu,ye ronghua

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.16.022

2002-01-01

Abstract:Evaluating the performance of biometric systems is a complex problem.This paper describes a number of im-portant concepts about the performance evaluating of biometric systems ,such as accuracy,speed,robustness and storage requirements.It analyzes detailedly the performance evaluating of fingerprint recognition,face recognition and voice recog-nition.In security area including computer security,how and where biometric systems are deployed will depend on their performance.

Wei TIAN,Xiao-hu YANG,Xiao-yao XIE

1999-01-01

Abstract:In this article,we present research work which is focused on the Electronic Taxation System and its network security on Internet.Through analysis of the procedures of taxation and considerations of some of the characteristics of the current pragmatic network security technologies,we proposed a security model of ETS with reference to the system on Internet.

YAN Qiang,SHU Huaying,CHEN Zhong,DUAN Yunsuo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.02.045

2006-01-01

Abstract:Security elements evaluation is a primary problem of information system security evaluation. However the security elements defined in evaluation standard GB 17859 are abstract and hard to measure directly. It has become an urgent task to establish an understandable and practicable evaluation method for security elements. Based on the research and development process of security evaluation tools, this paper introduces the factor-criteria-metrics-evidence (FCME) model, which is used in security elements evaluation process, and discusses the implementation of the model.

Qiang YAN,Hua-ying SHU,Zhong CHEN,Yun-suo DUAN

DOI: https://doi.org/10.3969/j.issn.1007-5321.2005.04.017

2005-01-01

Abstract:Security evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects.

张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Nan Sun,Chang-Tsun Li,Hin Chan,Ba Dung Le,MD Zahidul Islam,Leo Yu Zhang,MD Rafiqul Islam,Warren Armstrong

DOI: https://doi.org/10.1109/ACCESS.2022.3168716

2022-04-02

Abstract:Advances of emerging Information and Communications Technology (ICT) technologies push the boundaries of what is possible and open up new markets for innovative ICT products and services. The adoption of ICT products and systems with security properties depends on consumers' confidence and markets' trust in the security functionalities and whether the assurance measures applied to these products meet the inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. In this paper, we conduct a systematic review of the CC standards and its adoptions. Adoption barriers of the CC are also investigated based on the analysis of current trends in security evaluation. Specifically, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project that promotes the CC among stakeholders in ICT security products related to specification, development, evaluation, certification and approval, procurement, and deployment. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.

Cryptography and Security,Computers and Society

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Zhang Bo,Wen Tao,Lei Jing,Yang Yunxiang,Guo Jing

DOI: https://doi.org/10.1007/978-981-13-6508-9_119

2019-06-14

Abstract:The blurred synthesis evaluation arithmetic based on analytic network process and systemic security evaluation target system is designed, and the main technology and system realization of cyberspace security evaluation system are presented, which is realized based on fight theory’s attack and defense affection evaluation and systemic security evaluation technology. The technology and system can provide a systemic security evaluation to information system target’s security and put forward security resolve scheme suggestions, which have important effect and meaning on accelerating China’s cyberspace war ability.

GUO Lifeng,WANG Junbiao,JIANG Jianjun

DOI: https://doi.org/10.3969/j.issn.1005-2402.2008.05.037

2008-01-01

Abstract:Lots of information systems are invested blindly in the process of enterprise informationization, but there is no effective method to evaluate their benefit. Accordingly, a fuzzy synthesized evaluation method based on critical success factor (CSF) and business process value is proposed. It analyses and quantifies the value of business process and the value which information system effect on the business process. The method is useful for analyzing the implementation benefit and weakness of information system.

HE Ting-ting,LIU Yang

DOI: https://doi.org/10.3969/j.issn.1008-5327.2007.02.022

2007-01-01

Abstract:This article elaborates the necessity of the information security appraisal of the campus net and the content of the information security appraisal.According to the relative principles of security of information,this article brings forward the appraisal system model,and based on this model,the paper discusses how to measure the security of the net.

SHEN Jie,ZHU Qing-hua

DOI: https://doi.org/10.3969/j.issn.1007-7634.2005.07.032

IF: 8.1

2005-01-01

Information Sciences

Abstract:By the qualitative and quantitative analysis,this paper introduces the current research status of evaluation criteria of networked information resources abroad. It also analyzes and summarizes the current research status in China using bibliometrics method.

陈秀真,郑庆华,管晓宏,林晨光

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.12.005

2004-01-01

Abstract:Aiming at the weakness of being unable to evaluate the threat of combination of vulnerabilities on network security for most systems of security evaluation, a novel model of security evaluation based on rough set theory was put forward. This model considered the vulnerability as a security factor and the security evaluation model was built from historical evaluation records by using attribute reduction. Further, the measurement model of hierarchical security risk with three levels: security factor, service and host computer, was built, which calculated the security risk of the host by weighting the importance of service and security factor, then the security situation of the system was analyzed and evaluated. Compared with other evaluation methods, this method can create a rule-based model of security evaluation automatically and has advantage of evaluating threat of isolated security factor and combination of security factors on the same host. It can also monitor the impact of changes of the system configuration on system security. Nine useful rules for security evaluation were discovered from 7 days' evaluation records and security situation curves were established through simulation experiment, which shows that evaluation results by our method are more accurate and intuitive than others.

Huahui Lv,Zhe Ming,Aidong Xu,Hang Yang

DOI: https://doi.org/10.1109/CISCE.2019.00100

2019-07-05

Abstract:Social development has driven the rapid development of computer technology and networks and computers and networks have become "universal" from "rare". But the security instability that followed has also become a major problem in testing individuals and society. Therefore, in the fast and stable establishment of the computer system, how to improve the computer security defense capability has become a difficult problem that we urgently need to study and explore. This paper first analyzes the basic concepts of information security, refines related issues and puts forward suggestions on how to prevent and measure methods based on actual conditions, hoping to help the governance business.

Computer Science

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

ZHAO Hong-mei,LI Wei-ying,WANG Fu-shun,JIN Hua,PENG Yu-rong

DOI: https://doi.org/10.3969/j.issn.1003-188X.2008.09.071

2008-01-01

Abstract:This article describes the concept and characteristic of SSE-CMM.An evaluation process of system security of Hebei wheat planting expert system has been worked out and the evaluation process is used to analyze the information system security.The conclusions can be used to improve the system security.

Xiaolin Wang,Yan Sang,Yi Liu,Yingwei Luo

DOI: https://doi.org/10.1007/978-94-007-2105-0_31

2011-01-01

Abstract:With the development of virtualization technology, some security problems have appeared. Researchers begin to suspect the security of virtualized environment and consider how to evaluate the security degree of virtualized environment. But there are not uniform virtualized environment security evaluation criteria at present. In this paper, we analyze the security problem in virtualized environment and present our virtualized environment security evaluation criteria. We take a further research on support technology and authentication method. First, we introduce the background of the problem. Next, we summarize the related work. After that we present our virtualized environment security evaluation criteria and introduce our work on support technology and authentication method. For support technology, we propose some safety guarantee technology for each security level. For authentication method, we give some ideas for the evaluation of each security level.

吴海燕,戚丽,沈立强

DOI: https://doi.org/10.3969/j.issn.1002-4956.2008.08.001

2008-01-01

Abstract:Sound information security system is the powerful guarantee for e-campus's sustainable development.This paper performs security risk analysis on the e-campus information integration stage.The e-campus will be divided into several security domains,and security technology will be deployed accordingly.Under the guidance of this thought,Tsinghua University built its information security system.The practice of work is introduced finally.