摘要
CAE模型具有很强的层次性与结构性,被广泛用于复杂的信息安全测评过程中。采用CAE模型对等级测评的过程进行建模,将测评过程的多个层面简化为声明-论据-证据三种层次,并从测评指标的选择和测评结果的融合两个方面具体说明了CAE模型的作用。结果表明等级测评的过程完全可以归纳入CAE模型中,等级测评的过程与CAE模型的分解和推理过程是一致的,进一步验证了信息安全等级保护标准支持下的等级测评的有效性和合理性。
CAE model is strongly hierarchical and structured, and has been widely used in the complicated information security testing and evaluation process. In this paper, by modelling the process of classification evaluation with CAE, the multiple levels of evaluation process will be simplified to three levels, i.e. claim-argument-evidence, and the role of CAE is also specified from two aspects : the selection of evaluation indicators and the integration of the evaluation results. Results indicate that the classification evaluation process can be wholly subsumed into CAE model, and the evaluation process is consistent with the decomposing and reasoning process of the CAE model, this provides further evidences of the effectiveness and rationality for the classification evaluation under the support of information security classification protection standards
出处
《计算机应用与软件》
CSCD
北大核心
2012年第10期230-233,共4页
Computer Applications and Software
关键词
等级保护
等级测评
CAE
Classification protection Classifiation evaluation CAE (claim-argument-evidence)
