共查询到20条相似文献,搜索用时 892 毫秒
1.
物联网是一种将虚拟网络世界与现实物理世界相结合的综合信息技术,具有广泛的应用和庞大的潜在市场.但是,物联网安全方面的现有技术远不能满足产业的需求.本文指出物联网的安全问题与传统网络环境的信息安全(称为IT安全)有着本质区别.传统网络安全保护的主要是信息,因此使用IT安全技术.本文强调物联网系统除了要保护信息安全外,还需要对操作进行安全保护,这类技术称为OT安全技术.本文对OT安全的概念和内涵进行了描述,指出OT安全是信息转化为物理活动行为的安全问题,其安全防护的目标与传统的信息安全保护不同,尽管在实现技术方面有许多类似的技术.本文分析了IT安全与OT安全的特性,这些特性包括物联网中的IT技术与OT技术相互作用和相互影响,并阐述常用的IT安全与OT安全保护技术. 相似文献
2.
《Computers & Security》1986,5(3):218-242
Security concerns should be an integral part of the entire planning, development, and operation of a computer application. Inadequacies in the design and operation of computer applications are very frequent source of security vulnerabilities associated with computers. In most cases, the effort to improve security should concentrate on the application software. The system development life cycle (SDLC) technique provides the structure to assure that security safeguards are planned, designed, developed and tested in a manner that is consistent with the sensitivity of the data and/or the application. The software quality assurance process provides the reviews and audits to assure that the activities accomplished during the SDLC produce operationally effective safeguards.This paper addresses two issues of concern to those responsible for ensuring that the safeguards incorporated into application software are adequate and appropriate. The first issue addresses the integration of specific security activities into the SDLC. The discussion of this issue addresses the following security activities in the SDLC; determination of the sensitivity of the application and data; determination of security objectives; assessment of the security risks; conduct of the security feasibility study; definition of security requirements; development of the security test plan; design of the security specifications; development of the security test procedures; writing of the security-relevant code; writing of the security-relevant documentation; conduct of the security test and evaluation; writing on the security test analysis report; and, preparation of the security certification report.The second security issue addresses the security reviews and audits that should be integrated into the software quality assurance process to ensure that the security activities in the SDLC are accomplished. The security reviews and audits discussed include: the security requirements review; the security design review; the security specifications review; the security test readiness review; and the security test and evaluation review. Also addressed is how quality software is defined and achieved and why and how the concept of quality should be applied to application software security safeguards. 相似文献
3.
网络安全态势评估是目前网络安全领域的研究热点之一。对国内外已有的网络安全态势评估方法进行了分析和比较,提出一种融合多源数据的网络安全态势定量评估模型。同时考虑主机和链路对网络安全态势的影响,将网络安全态势指标归纳为主机安全指标和链路安全指标。采用改进D-S证据理论融合日志记录、告警信息和其他探针数据,得到精简的主机安全事件集合和链路安全事件集合。依据相应的服务信息分别计算主机安全态势和链路安全态势,实现网络安全态势定量评估。通过网络仿真软件构建网络实例,对所提出的网络安全态势评估模型进行了验证,实验结果表明该模型可以准确地对网络安全态势进行定量评估,评估结果能够客观地反映网络安全态势的变化趋势。 相似文献
4.
5.
针对3G网络中不同业务具有不同的安全需求,提出一种基于安全等级的安全系统模型.把决定安全策略的因素划分为安全等级、安全场景、安全元以及安全算法和协议,并设计出安全策略表,对安全策略进行有效管理.该方法不仅为移动通信运营商实现增值安全服务提供技术保障,还解决用户按需分配的安全服务问题. 相似文献
6.
在大规模网络安全事件应急响应过程中,一个网络安全态势评估系统可以起到很好的辅助决策作用。提出了一种计算网络安全危害指数的方法,并在这种方法基础上设计实现了一个大规模网络安全态势评估系统。该系统通过对网络安全事件的模拟重放,对网络安全状况进行评估,给出网络整体的安全危害指数,并提出针对安全事件的响应控制策略。系统运行结果表明,这种安全态势评估的方法针对大规模网络安全行为是有效的。 相似文献
7.
陈新建 《网络安全技术与应用》2007,(3):68-69
本文通过对校园网安全现状的分析,列举了目前校园网普遍存在的常见网络安全问题。并针对上述问题,结合最新的网络安全技术,提出了从制定安全管理制度、保证硬件物理安全和采用多种安全技术三个方面构建安全体系结构的改进对策。 相似文献
8.
安全问题是电子政务系统的关键,通过对贵州省电子政务系统进行的调研,发现目前的电子政务安全建设存在安全保障水平较低、缺乏相应的电子政务安全方面法律法规和安全管理体制不健全等方面问题。为了构建电子政务的安全保障体系,需要从安全技术、安全管理、安全法律三个方面进行相应的规范和建设,形成一个标准化的电子政务安全体系流程。 相似文献
9.
This paper describes a security architecture for mobile agent based systems. It defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We then discuss the application of the security model in roaming mobile agents and consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. Finally we describe the security infrastructure that implements the proposed security services and outline the development of a secure agent based application using the proposed architecture. 相似文献
10.
11.
12.
《Information & Management》2021,58(8):103526
Current information security behavior research assumes that lone individuals make a rational, informed decision about security technologies based on careful consideration of personally available information. We challenge this assumption by examining how the herd behavior influences users’ security decisions when coping with security threats. The results show that uncertainty about a security technology leads users to discount their own information and imitate others. We found that imitation tendency has a more substantial effect on security decisions than the personal perceived efficacy of the security technology. It is essential for researchers and managers to consider how the herd behavior effect influences users' security decisions. 相似文献
13.
物联网的大规模应用离不开安全性的保障。感知层在物联网体系结构中处于底层,承担信息感知的重任。感知层的安全问题是物联网安全与互联网安全主要的差别所在,是物联网安全的重点。针对物联网感知层的安全架构、感知层的安全威胁进行了分析总结;从无线射频识别( RFID)安全、无线传感器网络安全两个方面总结了近年来物联网感知层的安全性研究成果;提出了RFID安全和无线传感器网络安全的未来研究方向;给物联网安全领域的研究者提供一定的参考。 相似文献
14.
刘皓 《网络安全技术与应用》2014,(11):178-178
进入21世纪,国际恐怖主义、环境问题、信息安全等非传统安全问题,成为威胁人类安全和国家安全的主要方面。随着互联网络和移动电话等新兴媒体的飞速发展,非传统安全问题与新兴媒体的传播越来越多地发生了关联。公安教育是我国高等教育的一个重要组成部分,但是公安高校大学生普遍意识到对非传统安全问题接触不多,学校教育严重不足。如何有效的利用新媒体技术对公安高校大学生开展非传统安全教育,已经成为当下警察教育的一项重要课题。 相似文献
15.
16.
孙登昕 《网络安全技术与应用》2014,(3):142-142,144
计算机技术的不断发展,网络的不断普及,在给我们的工作,学习,生活,娱乐带来了极大的方便和好处同时,也给我们带来了新的威胁,那就是计算机系统安全问题。而我们的常常讨论的计算机系统安全包括计算机安全、网络安全和信息安全。其中信息安全是主线,它贯穿于计算机安全和网络安全之中。正是网络的广泛应用,在工作和生活中扮演如此重要的角色,如何来保障信息安全已经成为一个重要的问题。值得注意的是在实际应用中,由于操作系统的不同,网络拓扑技术的区别,连接介质的选择,网络接入技术的变化给实现计算机系统安全带来了复杂的操作性。根据参考资料,总结出3个层次的安全策略:技术安全,行为安全,意识安全。 相似文献
17.
邵若琰 《网络安全技术与应用》2011,(9):20-22
公安信息网络是公安系统统一指挥、快速反应、协调作战、打击犯罪的一个内部网络平台,公安网络的安全对于提高互联网安全监控能力、建设网络犯罪监察与防范体系有至关重要的作用。如何在科技进步所带来的安全问题下确保公安信息网络的安全使用是我们每位民警都值得思考的一个问题。 相似文献
18.
Web服务安全体系结构研究 总被引:4,自引:0,他引:4
随着Web服务的普及,构建解决其各种安全问题的安全体系结构研究变得非常有意义。在分析了Web服务的基本组件、协议以及Web服务所需要的安全保证之后,提出了一种分层的安全体系结构。该体系结构充分利用了现有的安全技术和设施,综合了传输层次和SOAP层次上的安全措施来保证Web服务的安全。另外还对各层次上应采取的措施和应达到的安全性要求做了详细的分析。 相似文献
19.
This presentation of a systems theory is applicable to security in the private sector which is profit dependent. At a time of heightened security specialization, it is necessary to establish a professional consensus that all private security areas are unified at the basic conceptual level. Business and industry face numerous threats to profitability. Threats applicable to the mission of security have been organized here by the WAECUP (waste, accident, error, crime, unethical practice) acronym. WAECUP threats are shown to be so interrelated that a security department that ignores even one threat is bound to fail. Computer security and all private sector security are shown linked in efforts to make loss control (the author's term for modern security) effective. The most common fallacy about private security is to equate it with police activity. This myth is dismantled and security is defined by a careful comparison between law enforcement and private security with respect to their clients, goals, focus, environmental restructuring abilities, and movement (access) controls. A graphic Loss Control Model is offered to explain how informational transfer minimizes loss and tends to stabilize any corporation. It is an open-ended systems model that all private security practitioners can identify with and utilize as a heuristic tool. 相似文献
20.
文章通过分析给出未来安全态势趋势预测的系统,提出安全度量的目标是把专业的安全数据翻译成决策者关心的、与核心业务关联的评价指标,形成对安全态势度量的指标体系,并最终为管理者决策提供依据。 相似文献