摘要
目前电力信息系统尚缺乏定量化的安全体系设计方法和辅助工具。文章提出了一种基于模式的定量化安全体系设计方法,分别采用攻击模式和保护模式对攻击行为和安全措施建模,并基于集合论严格定义了几种安全措施选择的量化指标。文章从安全策略、系统建模、攻击建模、安全措施建模、风险度量、风险分析、安全措施选择等方面详细论证了新方法相对于传统风险管理方法的优势,并进一步将安全体系设计问题抽象为0-1整数规划的数学模型,以降低安全体系设计的代价,实现安全体系设计的计算机辅助工具。
At present there are not quantitative security architecture design methods and computer-aided design tools for power information system. The authors propose a pattern based quantitative security architecture design method, in which the aggressive behavior and safeguard are modeled by aggressive pattern and safeguard pattern respectively and the quantitative indices to select several safeguards are strictly defined with set theory. The advantages of the proposed method over the traditional risk management method are demonstrated in detail in security policy, system modeling, attack modeling, safeguard modeling, risk measurement, risk analysis and selection of safeguards. In order to decrease the cost of security architecture design and implement computer-aided design tools, the security architecture design process is further abstracted into a mathematical model of 0-1 -integer programming.
出处
《电网技术》
EI
CSCD
北大核心
2006年第2期7-13,共7页
Power System Technology
基金
国家863高技术基金项目(2002AA145040)~~
关键词
网络安全
电力信息系统
安全体系设计
风险管理方法
定量化方法
Network security
Power information system
Security architecture design
Risk management method
Quantitative method