军事涉密网安全策略执行风险度量研究
|
摘要
随着军队信息化建设的不断深入,军事涉密网纷纷建立,大量安全设备投入使用,设计了众多安全策略,但是实际工作中由于安全策略的设计与执行相互分离,在策略执行环节存在着“二次风险”。如何度量安全策略执行风险,适时调整安全策略,全面掌握网络安全状态,提高管理决策人员和用户的信心,已成为军事涉密网安全管理面临的一个紧迫问题。
论文重点探讨了军事涉密网的安全策略执行风险度量问题。首先,论文分析了安全策略执行风险度量的内涵及过程,并从度量目标、度量对象、度量方法和度量结果的角度阐述了安全策略执行风险度量的基本问题;
其次,引入了GQM面向目标的分析模型,建立了基于GQM的度量开发模型,选取信息进出控制策略及终端准入控制策略进行策略执行风险分析,通过分析脆弱性及安全威胁,对涉密网安全策略执行过程中产生的“二次风险”进行了总结,并结合安全风险归纳出涉密网安全策略执行风险度量信息需求;
然后,在信息进出控制策略执行风险度量中,建立了度量信息需求与度量指标之间的映射关系,设计了安全策略执行风险度量指标,形成了安全策略执行风险的度量集,并结合学院科研实验网进行了实例验证。
最后,在终端准入控制策略执行风险度量中,依据度量信息需求设计了度量指标,结合安全策略执行风险的实际特点,设计了相适应的测量方法,并进行了综合评价分析。
Along with development of the military information construction, the military intranets are built with many security equipments and different security policies. However, since the separations between the policy design and execution,“secondary risk”may exist in the policy implementation procedure. It is a key issue that how to measure the implementation risk of the security policy, adjust the security policy, get the whole network security state and enhance the decision-making and users’confidence.
The execution risk measurement of the military intranet’s security policy is discussed in this thesis. First of all, the connotation and process are analysed in the execution risk measurement of security policy. The basic problems of the implementation risk measurement are elaborated with the measurement goal, object, method and result.
Secondly, a GQM goal-oriented analysis model is introduced. Then, the measurement design model is built based on GQM. The information in-out control and accessing control policies are selected for the operation risk analysis. By analyzing the vulnerability and security threaten, the“secondary risk”is concluded from the policy operating process. According to the security risk, the information demands are summarized for the security policy operation risk measurement.
Then the mapping relationship, which is between the information demand and the measurement index, is constructed in the operation risk measurement of information in-out control policy. The indexes of policy operation risk are devised, and a measurement set is composed with the indexes. The measurement methods and results are validated by using the institute’s scientific research network.
At last the metrics indexs are designed according to the measurement information demand in the operation risk measurement of the terminal’s access and control policy. Combining with the characteristic of policy operation, we design measurement method and evaluate the method comprehensively.
论文重点探讨了军事涉密网的安全策略执行风险度量问题。首先,论文分析了安全策略执行风险度量的内涵及过程,并从度量目标、度量对象、度量方法和度量结果的角度阐述了安全策略执行风险度量的基本问题;
其次,引入了GQM面向目标的分析模型,建立了基于GQM的度量开发模型,选取信息进出控制策略及终端准入控制策略进行策略执行风险分析,通过分析脆弱性及安全威胁,对涉密网安全策略执行过程中产生的“二次风险”进行了总结,并结合安全风险归纳出涉密网安全策略执行风险度量信息需求;
然后,在信息进出控制策略执行风险度量中,建立了度量信息需求与度量指标之间的映射关系,设计了安全策略执行风险度量指标,形成了安全策略执行风险的度量集,并结合学院科研实验网进行了实例验证。
最后,在终端准入控制策略执行风险度量中,依据度量信息需求设计了度量指标,结合安全策略执行风险的实际特点,设计了相适应的测量方法,并进行了综合评价分析。
Along with development of the military information construction, the military intranets are built with many security equipments and different security policies. However, since the separations between the policy design and execution,“secondary risk”may exist in the policy implementation procedure. It is a key issue that how to measure the implementation risk of the security policy, adjust the security policy, get the whole network security state and enhance the decision-making and users’confidence.
The execution risk measurement of the military intranet’s security policy is discussed in this thesis. First of all, the connotation and process are analysed in the execution risk measurement of security policy. The basic problems of the implementation risk measurement are elaborated with the measurement goal, object, method and result.
Secondly, a GQM goal-oriented analysis model is introduced. Then, the measurement design model is built based on GQM. The information in-out control and accessing control policies are selected for the operation risk analysis. By analyzing the vulnerability and security threaten, the“secondary risk”is concluded from the policy operating process. According to the security risk, the information demands are summarized for the security policy operation risk measurement.
Then the mapping relationship, which is between the information demand and the measurement index, is constructed in the operation risk measurement of information in-out control policy. The indexes of policy operation risk are devised, and a measurement set is composed with the indexes. The measurement methods and results are validated by using the institute’s scientific research network.
At last the metrics indexs are designed according to the measurement information demand in the operation risk measurement of the terminal’s access and control policy. Combining with the characteristic of policy operation, we design measurement method and evaluate the method comprehensively.
引文
[1]綦宗纲.军队计算机网络安全性研究与应用[D].北京交通大学,2007:
[2]唐成华,余顺争.基于安全保障能力的网络安全策略评估[J].武汉大学学报(理工版),2009,2:109-112.
[3]陈晓苏,林植,冯向东.基于分层模型的网络安全策略逐级求精算法[J].小型微型计算机系统,2007,6:998-1002.
[4] Wayne Jansen.Directions in Security Metrics Research.NISTIR7564,2009,03.
[5] Ronda Hennning , Rayford B.Vaughn , Ambarren Siraj . Information Assurance Measures and Metrids-State of Practice and Proposed Taxonomy[J].Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03).IEEE Computer Society,2002:
[6]秦智,张仕斌.基于证据理论的安全策略有效性评估模型[J].昆明理工大学学报,2010,2:83-87.
[7]吕欣.信息系统安全度量理论和方法研究[J].计算机科学,2008,11:42-44.
[8] A.westerinen et al.Terminology for Policy-based Management[S].RFC3198,2001.
[9] Denis Trcek.Security policy management for networked information systems[C].Network Operations and Management Symposium,2000:
[10] Damianou N.A Policy Framework for Management of Distributed Systems[D].Ph.D.thesis.Imperial College of Science.Technology And Medicine of London University.2002:
[11] Damianou,N.dulay,E.Lupu and M.sloman.The Ponder Policy Specification Language [S].In Proceedings of the Policy Workshop 2001,HP Labs,Bristol,UK,Springer-Verlag.2001:
[12] Marianne Swanson,et al.Security Metrics Guide for Information Technology Systems[R/OL].NIST Special Publication 800-55:http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf,2003,7.
[13] Elizabeth Chew,Marianne Swanson,Kevin Stine,et al.Performance Measurement Guide for Information Security (DRAFT) [R/OL].NIST Special Publication 800-55 Revision 1 (DRAFT):http://csrc.nist.gov/ publications/PubsDrafts.html#SP-800-55-Rev.%201,2007,9.
[14]中国认证认可信息网.ISMS标准体系-ISO/IEC 27000族简介[EB/OL].http://www.cnca. gov.cn/ caitbbs/forum.jsp?forumID=81,2007.
[15] Systems Security Engineering Capability Maturity Model.International Systems security Engineering Association(ISSEA),referenced on July 7,2008:http://www.sse-cmm.org/metric/metric.asp
[16]江常青.信息系统安全测度[J].国家信息安全测评认证,2008,3:17-20.
[17]闫强.信息系统安全评估研究[D].北京大学,2003:
[18]崔宝灵,张洁,杨昌.系统安全工程能力成熟模型安全度量研究[J].哈尔滨工业大学学报,2003,3:293-297.
[19]赵文.信息安全保障度量及综合评价研究[D].四川大学数学学院,2006:
[20]王君毅.可信计算平台中信任链的可信赖度量指标与方法研究[D].北京邮电大学软件学院,2007:
[21]温红子.商务安全策略及其形式分析研究[D].中国科学院软件研究所博士学位论文.2004:
[22]彭军.网络安全策略监控模型及关键技术研究[D].解放军信息工程大学电子技术学院.2009:
[23] Shirley C.Payne . A Guide to Security Metrics . SANS Security Essentials GSEC Practical Assignment.Version 1.2e. 2006,6:http://www.sans.org/reading_room/whitepapers/auditing/55.php.
[24] CISWG (USA).Report of the Best Practices and Metrics Teams[R/OL]:http://www.cisecurity.org/ Documents/BPMetricsTeamReportFinal111704Rev11005.pdf,2004,7.
[25]李强.入侵检测系统运行安全度量研究[D].解放军信息工程大学,2010:
[26] ISSEA.ISSEA Metrcs[R/OL].http://www.incits.org/tc_home/CS1/2005docs/cs1050045. pdf,2005:
[27] Metricon3.0. Metricon3.0 Agenda [EB/OL].http://www.securitymetrics.org/content/Wiki.jsp?page= Metricon3.0. 2008,8.
[28] Joyce Statz. Measurement Guidance for Process Improvement V1.0 [R/OL]:http://www.psmsc.com/ Downloads/TechnologyPapers/PI_Measurement_v1.0.pdf,2005:
[29] ISO/IEC 15939:2007(E),Systems and software engineering—Measurement process[S].Switzerland,ISO:3,20.
[30]杨红,杨德礼.基于GQM的软件体系结构适应性度量方法研究[J].计算机应用研究,2007,10:30-34.
[31]王桢珍,武小悦,刘忠.信息安全风险过程的规划渗透图模型[J].计算机科学,2009,6:44-46.
[32]江常青.一种基于系统安全性差距分析的风险评估尺度和方法[J].电子学报,2006,12A:2556-2559.
[33] E.Kuiper,P.llaneza.Draft Text for ISO/IEC 3rd WD 27004,Information technology—Security techniques—Information security management measurements[R/OL]:http://www.ni.din.de/sc27,2006.
[34]王毅刚,吴昌伦.信息安全管理标准BS7799-2:2002介绍及风险评估.2003,8.
[35] John Murdoch.PSM Security Measurement White Paper V3.0[R/OL].http://www.psmsc.com/ Downloads/TechnologyPapers/SecurityWhitePaper_v3.0.pdf,2006,1.
[36] Pau-Chen Cheng,Pankaj Rohatgj Rohatgi,Claudia Keser. Fuzzy MLS:An Experiment on Quantified Risk-Adaptive Access Control [J].IBM Thomas J. Watson Research Center,2006,1.
[37] Nadya Bartol,BoozAllen Hamilton.Practical Measurement framework for Software Assurance and Information Security(Draft) [R/OL].http://www.psmsc.com/Downloads/TechnologyPapers/Security WhitePaper_v3.0.pdf.2008,10.
[38] Staron M.,Meding W.,Nilsson C..A framework for develop measurement systems and its industrial evaluation [J].Information and software Technology,2009,(51),721-737.
[39] Algirdas Aviaienis,Jean-Claude Laprie,Brian Randell,Carl Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing [J].IEEE Transactions on Dependable and Secure Computing, 2004,1(1):11-33.
[40] Peter Mell,Karen Scarfone,Sasha Romanosky.A Complete Guide to the Common Vulnerability Scoring System Version 2.0[EB/OL]:http://www.first.org/cvss/cvss-guide.html,2007.
[41] FIESR.Common Vulnerability Scoring System (CVSS-SIG)[EB/OL].http://www.first.org/cvss/, 2008,4.
[42]杜薇.基于终端环境量化评估的PMI访问控制模型的研究与实现[D].上海交通大学,2009:
[43] Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser.Fuzzy MLS:An Experiment on Quantified Risk-Adaptive Access Control [J].IBM Thomas J. Watson Research Center.2007,3.
[44] Junfend Tian,Tao Liu,Hongqiang Jiao.Entropy Weight Coefficient Method for Evaluating Intrusion Detection Systems[C].International Symposium on Electronic Commerce and Security,IEEE Computer Society,2008,592-598.
[2]唐成华,余顺争.基于安全保障能力的网络安全策略评估[J].武汉大学学报(理工版),2009,2:109-112.
[3]陈晓苏,林植,冯向东.基于分层模型的网络安全策略逐级求精算法[J].小型微型计算机系统,2007,6:998-1002.
[4] Wayne Jansen.Directions in Security Metrics Research.NISTIR7564,2009,03.
[5] Ronda Hennning , Rayford B.Vaughn , Ambarren Siraj . Information Assurance Measures and Metrids-State of Practice and Proposed Taxonomy[J].Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03).IEEE Computer Society,2002:
[6]秦智,张仕斌.基于证据理论的安全策略有效性评估模型[J].昆明理工大学学报,2010,2:83-87.
[7]吕欣.信息系统安全度量理论和方法研究[J].计算机科学,2008,11:42-44.
[8] A.westerinen et al.Terminology for Policy-based Management[S].RFC3198,2001.
[9] Denis Trcek.Security policy management for networked information systems[C].Network Operations and Management Symposium,2000:
[10] Damianou N.A Policy Framework for Management of Distributed Systems[D].Ph.D.thesis.Imperial College of Science.Technology And Medicine of London University.2002:
[11] Damianou,N.dulay,E.Lupu and M.sloman.The Ponder Policy Specification Language [S].In Proceedings of the Policy Workshop 2001,HP Labs,Bristol,UK,Springer-Verlag.2001:
[12] Marianne Swanson,et al.Security Metrics Guide for Information Technology Systems[R/OL].NIST Special Publication 800-55:http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf,2003,7.
[13] Elizabeth Chew,Marianne Swanson,Kevin Stine,et al.Performance Measurement Guide for Information Security (DRAFT) [R/OL].NIST Special Publication 800-55 Revision 1 (DRAFT):http://csrc.nist.gov/ publications/PubsDrafts.html#SP-800-55-Rev.%201,2007,9.
[14]中国认证认可信息网.ISMS标准体系-ISO/IEC 27000族简介[EB/OL].http://www.cnca. gov.cn/ caitbbs/forum.jsp?forumID=81,2007.
[15] Systems Security Engineering Capability Maturity Model.International Systems security Engineering Association(ISSEA),referenced on July 7,2008:http://www.sse-cmm.org/metric/metric.asp
[16]江常青.信息系统安全测度[J].国家信息安全测评认证,2008,3:17-20.
[17]闫强.信息系统安全评估研究[D].北京大学,2003:
[18]崔宝灵,张洁,杨昌.系统安全工程能力成熟模型安全度量研究[J].哈尔滨工业大学学报,2003,3:293-297.
[19]赵文.信息安全保障度量及综合评价研究[D].四川大学数学学院,2006:
[20]王君毅.可信计算平台中信任链的可信赖度量指标与方法研究[D].北京邮电大学软件学院,2007:
[21]温红子.商务安全策略及其形式分析研究[D].中国科学院软件研究所博士学位论文.2004:
[22]彭军.网络安全策略监控模型及关键技术研究[D].解放军信息工程大学电子技术学院.2009:
[23] Shirley C.Payne . A Guide to Security Metrics . SANS Security Essentials GSEC Practical Assignment.Version 1.2e. 2006,6:http://www.sans.org/reading_room/whitepapers/auditing/55.php.
[24] CISWG (USA).Report of the Best Practices and Metrics Teams[R/OL]:http://www.cisecurity.org/ Documents/BPMetricsTeamReportFinal111704Rev11005.pdf,2004,7.
[25]李强.入侵检测系统运行安全度量研究[D].解放军信息工程大学,2010:
[26] ISSEA.ISSEA Metrcs[R/OL].http://www.incits.org/tc_home/CS1/2005docs/cs1050045. pdf,2005:
[27] Metricon3.0. Metricon3.0 Agenda [EB/OL].http://www.securitymetrics.org/content/Wiki.jsp?page= Metricon3.0. 2008,8.
[28] Joyce Statz. Measurement Guidance for Process Improvement V1.0 [R/OL]:http://www.psmsc.com/ Downloads/TechnologyPapers/PI_Measurement_v1.0.pdf,2005:
[29] ISO/IEC 15939:2007(E),Systems and software engineering—Measurement process[S].Switzerland,ISO:3,20.
[30]杨红,杨德礼.基于GQM的软件体系结构适应性度量方法研究[J].计算机应用研究,2007,10:30-34.
[31]王桢珍,武小悦,刘忠.信息安全风险过程的规划渗透图模型[J].计算机科学,2009,6:44-46.
[32]江常青.一种基于系统安全性差距分析的风险评估尺度和方法[J].电子学报,2006,12A:2556-2559.
[33] E.Kuiper,P.llaneza.Draft Text for ISO/IEC 3rd WD 27004,Information technology—Security techniques—Information security management measurements[R/OL]:http://www.ni.din.de/sc27,2006.
[34]王毅刚,吴昌伦.信息安全管理标准BS7799-2:2002介绍及风险评估.2003,8.
[35] John Murdoch.PSM Security Measurement White Paper V3.0[R/OL].http://www.psmsc.com/ Downloads/TechnologyPapers/SecurityWhitePaper_v3.0.pdf,2006,1.
[36] Pau-Chen Cheng,Pankaj Rohatgj Rohatgi,Claudia Keser. Fuzzy MLS:An Experiment on Quantified Risk-Adaptive Access Control [J].IBM Thomas J. Watson Research Center,2006,1.
[37] Nadya Bartol,BoozAllen Hamilton.Practical Measurement framework for Software Assurance and Information Security(Draft) [R/OL].http://www.psmsc.com/Downloads/TechnologyPapers/Security WhitePaper_v3.0.pdf.2008,10.
[38] Staron M.,Meding W.,Nilsson C..A framework for develop measurement systems and its industrial evaluation [J].Information and software Technology,2009,(51),721-737.
[39] Algirdas Aviaienis,Jean-Claude Laprie,Brian Randell,Carl Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing [J].IEEE Transactions on Dependable and Secure Computing, 2004,1(1):11-33.
[40] Peter Mell,Karen Scarfone,Sasha Romanosky.A Complete Guide to the Common Vulnerability Scoring System Version 2.0[EB/OL]:http://www.first.org/cvss/cvss-guide.html,2007.
[41] FIESR.Common Vulnerability Scoring System (CVSS-SIG)[EB/OL].http://www.first.org/cvss/, 2008,4.
[42]杜薇.基于终端环境量化评估的PMI访问控制模型的研究与实现[D].上海交通大学,2009:
[43] Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser.Fuzzy MLS:An Experiment on Quantified Risk-Adaptive Access Control [J].IBM Thomas J. Watson Research Center.2007,3.
[44] Junfend Tian,Tao Liu,Hongqiang Jiao.Entropy Weight Coefficient Method for Evaluating Intrusion Detection Systems[C].International Symposium on Electronic Commerce and Security,IEEE Computer Society,2008,592-598.