摘要
在给出事件驱动系统安全漏洞的基础上,指出了产生漏洞的根本原因是:系统忽视了输入系统的事件序列之间存在的相关性;系统无条件信任任何事件源产生的事件。针对这两个原因,相应提出了事件序列形式安全分析模型及基于事件源的可信度评估模型,依据这两个模型,构建了一种改进的事件驱动系统框架。
Based on the presentation of the security vulnerability of the event-driven system, this paper points out the deep reasons for the vulnerability of system: (1) The system ignores the inherent correlation among events; (2) The system trusts events from any sources without condition. In view of these two reasons, this paper presents an analytical model for security of event sequence, and an evaluation model of trustworth/ness based on event source. Furthermore, this paper constructs an improved event-driven system infrastructure based on the two models.
出处
《国防科技大学学报》
EI
CAS
CSCD
北大核心
2008年第3期70-75,共6页
Journal of National University of Defense Technology
基金
国家部委基金资助项目(9140C1102060707)
关键词
信息安全
事件驱动系统
事件序列
事件源
可信度
information security
event-driven system
event sequence
event source
trustworthiness
