摘要
信息安全计量有其特殊性,除了与时间相关的测量以外,其他方面难以应用国际基本测量单位(SI),缺少对不确定性定量分析的方法。相对而言,硬件部分比较容易测量,因为它有成熟的物理与化学测量科学作支撑,但软件部分却要复杂与困难得多,因为缺乏软件方面的测度。论文尝试将计量科学的原理和方法,应用于信息技术产品或系统的安全测量,提出一种信息安全测量模型,并对安全测量的过程模型和信息模型进行了探讨。
The infosec estimation has its own specific characteristics. In exception of the measurement correlated with time, the Syste'me International d' Unites(SI) is hardly to be applied in the other fields ofinfosec estimation,thus it is in want of the method for quantitative analysis on the uncertainty of infosec estimation. Comparatively speaking,with the support by mature technologies of physical and chemical measurement sciences,it is relatively easy for the measurement of hardware component,while much more complicated and difficult for the measurement of software component due to lack of the measures in software aspect. Applying the principle and method of metrology in information technology security measurement, the paper proposes a information security measurement model, with detailed describing the process model and information model of security measurement.
出处
《信息安全与通信保密》
2008年第6期27-30,共4页
Information Security and Communications Privacy
关键词
计量学
测量
信息安全
metrology
measurement
information security
