| 一种面向对象的信息系统安全评估方法 |
| |
| 引用本文: | 闫强,舒华英,陈钟,段云所.一种面向对象的信息系统安全评估方法[J].北京邮电大学学报,2005,28(4):69-73. |
| |
| 作者姓名: | 闫强 舒华英 陈钟 段云所 |
| |
| 作者单位: | 北京邮电大学,经济管理学院,北京,100876;北京大学,计算机科学技术系,北京,100871 |
| |
| 摘 要: | 安全评估是进行信息系统安全风险管理的重要途径,但安全评估目前缺乏有效的方法及工具. 通过利用面向对象的技术,建立了安全评估对象模型,提出了关联检测和依赖检测的概念,并开发了相应的工具. 应用结果表明,利用面向对象技术可以有效提高信息系统安全评估效率,同时关联检测和依赖检测也改进了穿透测试的效果.
|
| 关 键 词: | 面向对象 安全上下文 安全评估 对象模型 |
| 文章编号: | 1007-5321(2005)04-0069-05 |
| 修稿时间: | 2004年9月20日 |
An Object-Oriented Method for Information System Security Evaluation |
| |
| YAN Qiang,SHU Hua-ying,CHEN Zhong,DUAN Yun-suo.An Object-Oriented Method for Information System Security Evaluation[J].Journal of Beijing University of Posts and Telecommunications,2005,28(4):69-73. |
| |
| Authors: | YAN Qiang SHU Hua-ying CHEN Zhong DUAN Yun-suo |
| |
| Affiliation: | 1School of Economics and Management, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2Department of Computer Science and Technology, Beijing University, Beijing 100871, China |
| |
| Abstract: | Security evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects. |
| |
| Keywords: | object-oriented security context security evaluation object model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
