| 基于业务效能的信息系统安全态势指标 |
| 王丹琛1,2, 徐扬1, 李斌3, 何星星1 |
| 1. 西南交通大学 智能控制开发中心, 成都 610031; 2. 四川省信息安全测评中心, 成都 610017; 3. 中国信息安全测评中心, 北京 100085 |
| Mixed-index information system security evaluation |
| WANG Danchen1,2, XU Yang1, LI Bin3, HE Xingxing1 |
| 1. Intelligent Control Development Center, Southwest Jiaotong University, Chengdu 610031, China; 2. Sichuan Information Security Testing Evaluation Center, Chengdu 610017, China; 3. China Information Technology Security Evaluation Center, Beijing 100085, China |
摘要:
| |||
| 摘要为获取系统运行时安全态势的完整性, 在现有的信息安全态势评估指标体系中引入了业务效能指标, 提出了一种混合指标的信息系统安全态势评估方法。首先, 基于Q·S模型构建了系统业务效能指标体系, 其中包含实数型、区间型和语言型数据, 并通过BECM方法获得系统的业务效能指数; 其次, 针对系统的安全风险态势、稳定性态势等属性导致系统整体安全态势不确定性的问题应用格蕴涵代数的语言值综合评价模型, 对该文构建的指标体系进行评价, 得到了完整的信息系统安全态势; 最后, 通过示例证明提出的信息系统安全态势评估方法具有直观可信的态势评估结果, 有利于决策分析。 | |||
| 关键词 :业务效能指数,混合指标,安全态势,不可比较性,语言值评价 | |||
| Abstract:A mixed-index evaluation method is given to evaluate the security of system operations using a business effectiveness index. The business effectiveness index was established in Q·S, with real type, interval data and language types using BECM. A complete information system security evaluation then uses a general consideration of both the business effectiveness index and other security indexes. The uncertainty of the overall system security due to incomparable attribute characteristics, such as the security risk and stable operating descriptions is improved by a comprehensive model to evaluate linguistic terms using lattice implication algebra. Examples demonstrate that this method gives intuitive, credible evaluations for decision analyse. | |||
| Key words:business effectiveness indexmixed-indexsecurity situationincomparabilitylinguistic evaluation | |||
| 收稿日期: 2016-01-13 出版日期: 2016-05-19 | |||
| |||
| 通讯作者:徐扬, 教授, E-mail: xuyang@home.swjtu.edu.cnE-mail: xuyang@home.swjtu.edu.cn | |||
| 引用本文: |
| 王丹琛, 徐扬, 李斌, 何星星. 基于业务效能的信息系统安全态势指标[J]. 清华大学学报(自然科学版), 2016, 65(5): 517-521,529. WANG Danchen, XU Yang, LI Bin, HE Xingxing. Mixed-index information system security evaluation. Journal of Tsinghua University(Science and Technology), 2016, 65(5): 517-521,529. |
| 链接本文: |
| http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.010或 http://jst.tsinghuajournals.com/CN/Y2016/V65/I5/517 |
图表:
 |
| 表1 业务效能指标体系 |
 |
| 图1 信息系统业务效能AHP模型 |
 |
| 图2 语言真值格蕴涵代数LV(n×2)的Hasse图 |
参考文献:
| [1] Ulrik F, Joel B. Cyber situational awareness-A systematic review of the literature[J].Computer & Security, 2014,46:18-31. [2] Endsley M R. Design and evaluation for situation awareness enhancement[C]//Proceedings of the Human Factors Society 32nd Annual Meeting. California:Human Factors & Ergonomics Society Meeting,1988:97-101. [3] Endsley M R. Toward a theory of situation awareness in dynamic systems[J].Hum Factors Mar, 1995,37(1):32-64. [4] Bass T, Gruber D. A glimpse into the future of ID[Z/OL]. (1999-11-16). http://www.usenix.org/publicaitons/login/1999-9/features/future.html. [5] 龚正虎, 卓莹. 网络态势感知研究[J]. 软件学报, 2010,21(7):1605-1619. GONG Zhenghu, ZHUO Ying. Research on cyberspace situational awareness[J].Journal of Software, 2010,21(7):1605-1619.(in Chinese) [6] Hall D, Llinas J. An introduction to multisensory data fusion[J].Proceedings of the IEEE, 1997,85(1):6-23. [7] Klein G, Gnther H, Trber S. Modularizing cyber defense situational awareness-Technical integration before human understanding[J]. Computer Information, 2012,10:307-318. [8] Yang S, Byers S, Holsopple J, et al. Intrusion activity projection for cyber situational awareness[C]//IEEE International Conference on Intelligence and Security Informatics. Taipei:Springer International Publishing, 2008:167-172. [9] 王娟, 张凤荔, 傅翀, 等. 网络态势感知中的指标体系研究[J]. 计算机应用, 2007,27(8):1907-1912. WANG Juan, ZHANG Fengli, FU Chong, et al. Study on index system in network situation awareness[J].Journal of Computer Applications, 2007,27(8):1907-1912. (in Chinese) [10] 蒋运承, 汤庸. 服务组合的质量估计模型[J]. 小型微型计算机系统, 2006,27(8):1519-1525. JIANG Yunchen, TANG Yong. Quality of service estimation model for service composition[J].Journal of Chinese Mini-Micro Computer Systems, 2006,27(8):1519-1525. (in Chinese) [11] Liu Y, Ngu A H, Zeng L. Q·S computation and policing in dynamic web service selection[C]//Proceedings of the WWW'04. New York:ACM Press, 2004:42-53. [12] Wang X, Vitvar T, Kerrigan M, et al. Synthetical evaluation of multiple qualities for service selection[C]//In:Asit D, Winfried L, eds. Proceedings of the ICSOC'06. LNCS 4294. Heidelberg:Springer-Verlag, 2006:152-162. [13] Xu Y, Chen S W, Ma J. Linguistic truth-valued lattice implication algebra and its properties[C]//IMACS Multi Conference on Computational Engineering in System Application. Beijing:IEEE, 2006:1413-1418. [14] Liu J, Xu Y, Ruan D, et al. A lattice-valued linguistic-based decision-making method[C]//2005 IEEE International Conference on Granular Computing. Beijing:IEEE, 2005:199-202. |
相关文章:
|
