面向业务活动的信息系统安全模型

为了弥补现有的安全模型在描述信息系统方面的不足，提出一种信息系统安全模型，以保护业务活动为出发点，从安全角度对信息系统进行描述.通过分析信息系统及其安全的本质特征，给出了信息系统安全模型的基本要素及其相互关系之间的操作关系和“需要”、“允许”、“能”的安全约束，并通过形式化方法对安全模型基本要素之间的关系进行了描述.该模型不仅反映了信息系统资产之间的安全关系，还反映了信息系统支持业务活动的本质，明确了信息系统资产对业务活动支持的相互关系.最后给出了一个制造企业信息系统安全模型实例.

Business activity-oriented security model of information systems

In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the "need","permit","can" security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.