Research on Information System Security Evaluation Theory and Its Key Technologies
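Abstract
Society today is undergoing an information revolution with far-reaching effects on humanity, and information systems are becoming critical infrastructure for national development. The security of information systems has grown from a purely technical problem into a global problem bearing on national security, so research on information system security evaluation theory and its key technologies has great theoretical significance and practical value.
Building on a study of related work in China and abroad, and addressing the main problems in information system security evaluation, this thesis presents a conceptual framework for research on information system security evaluation. Guided by that framework, it studies the theory and key technologies of information system security evaluation using a combination of quantitative and qualitative methods.
(1) A practical information system security evaluation method, ISSUE, is proposed.
Through in-depth study of the theory and methods of information system security evaluation, the thesis proposes the evaluation method ISSUE (Information System SecUrity Evaluation). Compared with similar work, it is more operable, independent and practical, and its evaluation results are comparable. On this basis, the thesis designs and implements a security evaluation aid system based on the ISSUE method, which gives users an intuitive and concise evaluation interface and reduces the workload of information system security evaluation.
(2) A new technique for predicting security risk probability is proposed.
Taking the characteristics of information systems into account, and based on the principles of statistics and machine learning, the thesis proposes an information security risk probability prediction model that can effectively improve the objectivity and accuracy of security risk assessment results.
(3) An information system security decision-making method based on fuzzy multiple-attribute group decision-making is proposed.
To address the uncertainty and complexity of information system security problems, the thesis introduces the theory and methods of fuzzy mathematics, multiple-attribute decision-making and group decision-making into information system security decision problems, which helps to further improve the accuracy of information system security evaluation results. On this basis, an interactive group security decision aid system based on fuzzy information is designed and implemented. No research results on decision support systems for information system security evaluation have yet been reported, and this work broadens and deepens the research on security evaluation decision-making for information systems.
(4) Key technologies in the quantitative evaluation of information system security are studied.
The thesis proposes a quantitative information system security evaluation method based on probability and statistics and another based on fuzzy-number arithmetic. It also studies the multidimensional attributes of security and proposes a quantitative evaluation model for information system security based on a multidimensional security degree.
The significance of this thesis is that, through interdisciplinary research spanning information security, economics, machine learning, decision science and fuzzy mathematics, it builds a theoretical framework for information system security evaluation and studies its key technologies in depth. It brings new ideas to research on information system security evaluation, explores new ways to improve the effectiveness of evaluation, and broadens and deepens the research content of the field, which is of theoretical and practical importance for improving the accuracy and effectiveness of security evaluation.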
With the coming of the Information Age, mankind's desire for information system security has increased tremendously. It is meaningful to give an answer about "how" secure an information system is. Moreover, in a rapidly globalizing and increasingly uncertain world, making correct security evaluations and decisions becomes essential for the survival of the organization or indeed of the nation. But users cannot be expected to know exactly whether the security properties of the information system they use really fulfill their requirements. Impartial and competent security evaluation of the information system is needed. Despite the many security evaluation metrics out there, none has been widely approved. To meet these new challenges, the field of security evaluation itself has to develop and become more practical and relevant to the needs of the day. Therefore, the purpose of this thesis is to describe the author's initial research results in security evaluation, aimed at improving the performance of security evaluation for information systems.
The current achievements of research in information security evaluation areas such as security evaluation criteria and methods, both at home and abroad, are studied in Chapter 1.
In Chapter 2, the problems that should be studied in security evaluation of information systems are demonstrated, and the research framework of this thesis is brought forward.
The author has been engaged in research on security evaluation methods for information systems and proposes an operational evaluation method, ISSUE (Information System SecUrity Evaluation). Chapter 3 also gives the design and implementation of a security evaluation aid system, SEAS, based on the proposed ISSUE.
Assessing risk is one key element of a broader set of security evaluation activities. Although all elements of the security evaluation are important, risk assessments provide the foundation for other elements of the evaluation cycle. As risk probability is a key factor of risk, estimation of risk probability is an unavoidable challenge. In Chapter 4 the author puts forward a risk probability assessment model and proposes an estimator of risk probability based on historical data. One obvious criticism of this approach is that past returns do not guarantee future performance. While this is undoubtedly true, pragmatism leads to the conclusion that knowledge of the past is better than no knowledge at all.
As there are many decision-making problems in security evaluation, the theory and method of fuzzy multiple attributes group decision-making has been found to be theoretically appealing as well as useful in the practice of security evaluation. A fuzzy interactive security group decision making support system is then proposed in Chapter 5.
In Chapter 6, some important problems of quantitative security evaluation are investigated, and quantitative security evaluation technologies for information systems are proposed.
Finally, the thesis summarizes the author's work and forecasts future work. In summary, the author has studied thoroughly issues on security evaluation of information systems and provides a theoretical and practical solution for progressing and improving security evaluation.
