Funding: Supported by the National Natural Science Foundation of China (61662009), the Education Reform Project in Guizhou Province (SJJG201404), and the Natural Science Foundation of Guizhou Province Education Department (KY(2015)367)
Abstract: The configuration of information system security policy is directly related to the information asset risk, and the configuration required by the classified security protection is able to ensure the optimal and minimum policy in the corresponding security level. Through a random survey of the information assets of multiple departments, this paper proposes the relative deviation distance of security policy configuration as a risk measure parameter based on the distance of information-state transition (DIT) theory. By quantitatively analyzing the information asset weight, deviation degree and DIT, we establish an evaluation model for the information system. With example analysis, the results prove that this method conducts effective risk evaluation on the information system intuitively and reliably, avoids the threat caused by subjective measurement, and shows performance benefits compared with existing solutions. It is not only theoretically but also practically feasible to realize the scientific analysis of security risk for the information system.
Funding: Supported by the Education Reform Project in Guizhou Province (SJJG201404) and the Engineering Center of Avionics Electrical and Information Network of Guizhou Province Colleges and Universities (HKDZ201406)
Abstract: As a significant measure of software security evaluation, software reliability evaluation is also the basis of safe software operation. Traditional software system security evaluation methods are qualitative evaluations based on functional and structural measurements, and they often ignore quantitative research based on invalidity and fault. This paper proposes a stochastic transition function as a measure parameter of the reliability of stochastic Petri nets (SPN) theory. By calculating the probability of stability of the system, failure and mean time to first failure, it establishes an evaluation and measurement method for software reliability. With example analysis, the method can conduct effective evaluation on the software reliability index quickly and accurately, and meanwhile provides a new method for software security evaluation.