
Computer Engineering ›› 2008, Vol. 34 ›› Issue (2): 105-105. doi: 10.3969/j.issn.1000-3428.2008.02.035

• Security Technology •

Quantitative Security Evaluation Model for Security Management

LI Zhi-guo1,2, ZENG Qing-kai1,2

  1. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093
  2. Department of Computer Science and Technology, Nanjing University, Nanjing 210093
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-01-20 Published: 2008-01-20

Abstract: This paper proposes the Bayesian Function Network (BFN), a quantitative system security evaluation model oriented toward security management. Using a risk analysis approach, the model builds a Bayesian belief network that reflects the probabilistic relationship between a system's security functional components and the threats it faces. With this model, the degree of deficiency in a system's functional components, and the impact of that deficiency on system security, can be evaluated quantitatively. Experiments show that the model can be used not only to compare the security of different systems, but also to point out a system's weaknesses so that it can be optimized and improved.

Key words: security evaluation, quantitative security evaluation, Bayesian Function Network (BFN), risk analysis
