| 基于GB/T 20274的信息系统安全技术保障评估及计算机实现 |
| |
| 引用本文: | 安伟,江常青,林家骏,张雪芹,袁文浩. 基于GB/T 20274的信息系统安全技术保障评估及计算机实现[J]. 医学教育探索, 2012, 0(5): 645-651 |
| |
| 作者姓名: | 安伟 江常青 林家骏 张雪芹 袁文浩 |
| |
| 作者单位: | 华东理工大学信息科学与工程学院, 上海 200237;中国信息安全测评中心, 北京 100085;华东理工大学信息科学与工程学院, 上海 200237;华东理工大学信息科学与工程学院, 上海 200237;华东理工大学信息科学与工程学院, 上海 200237 |
| |
| 摘 要: | 国家标准GB/T 20274定义了信息系统的安全技术保障要素集,并建议以能力成熟度等级的形式度量信息系统的安全技术保障性。本文首先对安全技术保障度量的能力成熟度等级进行量化处理;其次将信息系统组件的安全技术保障性表示成向量的形式,在向量和向量∞范数的基础上重新阐述了信息系统的安全技术保障模型;最后,给出了信息系统的安全技术保障的计算机实现算法。仿真实验结果验证了本文算法能有效地实现信息系统的安全技术保障的评估。
|
| 关 键 词: | 安全技术保障要素; 安全技术保障度量; 保障评估模型; 保障评估算法 |
GB/T 20274 Based Information System Security Technical Assurance Evaluation and Computer Realization |
| |
| AN Wei,JIANG Chang-qing,LIN Jia-jun,ZHANG Xue-qin and YUAN Wen-hao. GB/T 20274 Based Information System Security Technical Assurance Evaluation and Computer Realization[J]. Researches in Medical Education, 2012, 0(5): 645-651 |
| |
| Authors: | AN Wei JIANG Chang-qing LIN Jia-jun ZHANG Xue-qin YUAN Wen-hao |
| |
| Affiliation: | School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China;China Information Technology Security Evaluation Center, Beijing 100085, China;School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China;School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China;School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China |
| |
| Abstract: | National criteria GB/T 20274 defines the set of security technical assurance elements for the evaluation of information system security technical assurance, and provides security technical assurance metrics with different levels of capability maturity model. This paper firstly quantifies the security technical assurance metric levels, and then restates information system security technical assurance with the use of mathematical concepts, such as vector and vector infinity norm, and finally develops an effective algorithm for evaluating capability maturity levels of information systems in security technical assurance. The simulation shows that the proposed algorithm can effectively realize the security technical assurance evaluation of information systems. |
| |
| Keywords: | security technical assurance elements security technical assurance metrics assurance evaluation model assurance evaluation algorithm |
|
| 点击此处可从《医学教育探索》浏览原始摘要信息 |
|
点击此处可从《医学教育探索》下载全文 |
|
