北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2005, Vol. 28 ›› Issue (4): 69-73.doi: 10.13190/jbupt.200504.69.076

• 研究报告 • 上一篇    下一篇

一种面向对象的信息系统安全评估方法

闫强1,舒华英1,陈钟2,段云所2   

  1. 1北京邮电大学 经济管理学院, 北京 100876; 2北京大学 计算机科学技术系, 北京 100871
  • 出版日期:2005-08-28 发布日期:2005-08-28

An ObjectOriented Method for Information System Security Evaluation

YAN Qiang1,SHU Huaying1,CHEN Zhong2,DUAN Yunsuo2   

  1. 1School of Economics and Management, Beijing University of Posts and Telecommunications, Beijing 100876, China;  2Department of Computer Science and Technology, Beijing University, Beijing 100871, China
  • Online:2005-08-28 Published:2005-08-28

摘要:

安全评估是进行信息系统安全风险管理的重要途径,但安全评估目前缺乏有效的方法及工具. 通过利用面向对象的技术,建立了安全评估对象模型,提出了关联检测和依赖检测的概念,并开发了相应的工具. 应用结果表明,利用面向对象技术可以有效提高信息系统安全评估效率,同时关联检测和依赖检测也改进了穿透测试的效果.

关键词: 面向对象, 安全上下文, 安全评估, 对象模型

Abstract:

ecurity evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects.

Key words: object oriented, security context, security evaluation, object model

中图分类号: