Qinghong Shen,Hongye Su

DOI: https://doi.org/10.1002/apj.1623

2012-01-01

Asia-Pacific Journal of Chemical Engineering

Abstract:Manufacturing industry needs a more effective and unified information system to meet market demand changes and societal/environmental requirements. The international standard ISO/IEC 62264 (an adoption of ISA SP95) presents an integrated framework for business planning & logistics, manufacturing operation management, and control. The information system integration models proposed in this standard are based on UML (Unified Modeling Language). OPM (Object Process Methodology) is a new modeling approach with much more advantages comparing to UML. This paper re-builds the information system integration models in ISO/IEC 62264 based on OPM. The application in an oil refinery factory verifies the effectiveness of these models and the convenience of OPM.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

YU Zhi-wei,TANG Ren-zhong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.11.026

2007-01-01

Abstract:In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the need,permit,can security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.

GUO Jian-dong,QIN Zhi-guang,ZHENG Min

DOI: https://doi.org/10.3969/j.issn.1001-0548.2008.02.035

2008-01-01

Abstract:In order to construct a secure architecture which possesses enough strictness and practicability using mechanisms of password, log auditing, and authority, a model of security for information system including interface logic, business logic, and abnormal activity detection is proposed in this paper. The working flows and functions of main components of the model are described. At the same time the abnormal activities in an information system are analyzed, and the working methods of abnormal activities detector, a practical format of log data, and the protecting method of log file are introduced as well.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P Syam

DOI: https://doi.org/10.48550/arXiv.1204.0240

2012-04-02

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security,Software Engineering

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Lam‐for Kwok,Dennis Longley

DOI: https://doi.org/10.1108/09685229910255179

1999-03-01

Abstract:Information security management has been placed on a firmer footing with the publication of standards by national bodies. These standards provide an opportunity for security managers to gain senior management recognition of the importance of procedures and mechanisms to enhance information security. They may also place demands on security managers to provide convincing demonstration of conformance to the standards. The risk data repository (RDR) computer model described in this paper was developed to manage organisational information security data and facilitate risk analysis studies. The RDR provides a form of computer documentation that can assist the security officer to maintain a continuous record of the organisational information security scenario and facilitate system security development, business continuity planning and standards conformance audits.

Huiqun Yu,Xudong He,Yi Deng,Lian Mo

2004-01-01

Abstract:Software architecture plays a central role in developing software systems that satisfy functionality and security requirements. However, little has been done to integrate system design with security enforcement, which would otherwise benefits both development process and system’s quality of service (QoS). This paper proposes a formal method to integrate security administration into software architecture design. We use the Software Architecture Model (SAM), a general software architecture model combining Petri nets and temporal logic, as the underlying formalism. Several techniques for designing functionalit y of software architectures are presented. Security modelin g and administration methods are proposed. As such, SAM serves as a common platform for modeling, design and analysis of secure software architectures.

饶元,陆淑敏,李尊朝,冯博琴

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.12.023

2004-01-01

Abstract:After formulated the definition of information security, an XML-based logistic security hierarchical structure and a protocols stack were presented in the paper. Moreover, a XKMS Trust Architecture Model, XKMS-TA, was built on some XML-based security technology, such as XML-Encryption, XML-Signature, XML-Access Control and XKML. This model decreased effectually the degree of complexity about the client collocated, PKI deployed and the cost of operating maintained, as well as increased the interoperation between the PKI sites. Furthermore, mixed the XKMS-TA model and XML-Access Control technology, XBSIA (XML-Based Security Integrated Architecture), a new XML-based Security integrated solution, was designed and applied in the programming of OPEN-CLASS system. The results of practice proved that XBSIA solution has great security and dynamic maintenance.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Zhang Lianhua,Zhang Jie,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.08.047

2006-01-01

Abstract:Security model need the feature attributes of the protected information system.For example,alert correlation analysis can evaluate whether the alert is false or not by comparing the attack prerequisite with the configuration information of attacked destination information system.A new information system model from the security view is proposed in this paper,which include both the static structure and dynamic activity.The model incorporates the present related information model such as NERD,Netmap etc.and,more inportantly,it provides a bridge between the security theory research and engineering practice.

Hamid Moghaddasi,Samad Sajjadi,Mehran Kamkarhaghighi

DOI: https://doi.org/10.2174/1874431101610010004

2016-10-28

Abstract:Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

Wissam Abbass,Amine Baina,Mostafa Bellafkih

DOI: https://doi.org/10.1109/cist.2016.7805039

2016-10-01

Abstract:The Information System Security Risk management (ISSRM) in organizations is ultimate for business success. ISSRM protects information availability, integrity, and privacy. However, this latter remains a difficult area to establish and maintain, especially in the environment of today's organizations where operations are conducted in a complex and interconnected context. The aim of this paper is to highlight the contribution of Enterprise Architecture Management (EAM) in order to improve ISSRM. When organization business services and strategic planning are aligned with proactive ISSRM activities, a well-defined strategy to reach business value is achieved. For this purpose, we will first explore risk management methods and security modeling languages to understand why EAM would be benefic. The contribution of this paper is an ISSRM model described by the constructs of ArchiMate, a well-known EAM modeling language.

Jian Zhou,Qing Li,Dafeng Xu,Tianyuan Xiao

DOI: https://doi.org/10.1109/EDOCW.2006.49

2006-01-01

Abstract:We present the structure of an ontology for Information Security (IS) and discuss a paradigm whereby it can be used to extract knowledge from natural language texts such as IS standards, security policies and security control descriptions. Besides providing ...

Kwo‐Shing Hong,Yen‐Ping Chi,Louis R. Chao,Jih‐Hsing Tang

DOI: https://doi.org/10.1108/09685220310500153

2003-12-01

Abstract:With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Lirong Dai,Kendra Cooper

2007-01-01

Abstract:There has been a growing interest in investigating methodologies to support the development of secure sys- tems in the software engineering research community. Re- cently, much attention has been focused on the modelling and analysis of security properties for systems at the soft- ware architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software de- velopment life-cycle. This reduces development time, re- duces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a sur- vey for researchers involved in the problem of systemat- ically modelling and analyzing software architecture de- sign that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authenti- cation, role-based access control, etc.), and the kind of example system that has been used to illustrate the ap- proach (information, distributed, etc.).

Lirong Dai,Yan Bai

DOI: https://doi.org/10.1109/SSIRI.2011.25

2011-01-01

Abstract:Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.

Jeb Webb,Atif Ahmad,Sean B. Maynard,Graeme Shanks

DOI: https://doi.org/10.1016/j.cose.2014.04.005

2014-07-01

Abstract:Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.

computer science, information systems

Y Hu,XR Xie,YZ Xin

DOI: https://doi.org/10.1109/pes.2004.1372957

2005-01-01

Abstract:This paper presents a modeling language and a quantitative evaluation approach for the security of power information systems. We firstly design a security architecture design trace language to universally describe system structures, services, security policies, attack behaviors and countermeasures. Next an automated risk analysis algorithm is proposed to get attack traces of power information systems. Then, based on the concept of relative security degree, security architecture can be quantitatively evaluated. Finally, with a case study in a real power information system, the effectiveness of the presented approach is demonstrated. In practice, the approach can be employed for assessing various kinds of countermeasures, such as increasing a new security function, adjusting system self structure, and changing customer operation requirements. And it can greatly decrease the subjectivity of counter-measure selection.