基于构件组装的信息系统安全评估

Research of Information System Security Assessment based on Components Composition

安全评估是对信息系统进行风险管理的一个重要步骤。本文讨论的是考虑系统结构影响在内系统级别的安全评估问题,对系统构件等相关概念进行了界定,并给出了相应的研究假设。在此基础上通过一个实例讨论了构件安全性与系统安全性之间的关系,最后提出了基于构件组装的一个安全评估框架。

Security assessment is an important process to carry out information system risk management. This paper focuses on the issue of system-wide security assessment considering the system architecture. In this paper, some security relevant concepts components are defined and the research hypothesis is also given. After this, the relation between system component security and system-wide security is discussed, and a security assessment framework based on components composition is presented.