摘要
阐述了信息安全等级测评过程、模型和测试方法。探讨了使用TTCN-3核心语言将测评标准转换为测试套的可能性,提出了用一致性测试模型进行信息安全等级测评的方法。根据一致性测试模型,给出了信息安全等级测评系统的设计方案。这一方案用强描述性规范化语言把权威的标准条款定义为测评标准库,再通过高层描述语言的通用转换平台转化为测试任务,然后由分布式的测评管理平台调度测评执行平台进行测评。
The processes, models, and test methods of information system grading are clarified. The probability of transforming evaluation standards into abstract suites by TTCN-3 core language is discussed. A method of testing and evaluation of information security using the model of the conformance testing is proposed. By the model of the conformance testing, an evaluation scheme of information system grading protection is presented. In this scheme, the evaluation standards are translated and integrated into a standard database by data description language before being translated into testing tasks by universal transforming platform. Then, the distributed testing management platform superintends the testing executive platform to do the testing.
出处
《计算机工程与设计》
CSCD
北大核心
2006年第23期4457-4460,共4页
Computer Engineering and Design
基金
安徽省"十五"二期科技攻关基金项目(040020381)