产品信息保密管理方法研究
|
摘要
信息保密一直都是我国理论界和实业界关心的热点研究领域,产品信息作为企业知识创新的重要载体之一,其安全保密管理关系到企业的生存和发展。随着企业信息化的深入发展,产品信息贯穿产品全生命周期,表现为动态性、异构性、分布性的特点,产品信息保密管理的难度和复杂度大大提高,传统的产品信息保密管理方法在产品信息动态、实时的保密管理方面显得乏力,这要求人们从新的视角来审视企业产品信息保密管理,建立满足PLM需求的产品信息保密管理系统。
本文针对企业产品信息保密管理存在的问题,在分析和研究国内外信息保密管理理论及其在企业应用现状的基础上,结合我国企业保密管理的实际需求,应用系统化、集成化的管理思想,研究了产品信息保密管理体系和相关技术方法。
论文分析了企业产品信息保密管理的内涵,建立了面向信息保密的产品信息模型和产品信息资产模型,并分析了PLM环境下产品信息保密的特征和产品信息保密管理的需求,以此为基础构建了产品信息保密管理的体系结构,分析了产品信息保密管理的层次结构和功能结构,提出了产品信息保密管理的关键技术,并根据系统集成的实际难点,提出基于系统过滤的系统集成模型。
从降低产品信息保密管理复杂度的角度,提出面向系统边界的产品信息保密控制方法。根据企业产品信息保密管理的现状和相关国际标准,建立产品信息保密系统边界模型,通过对产品信息保密系统边界的控制对象进行安全性分析,建立系统边界控制对象概念模型、基于系统边界的层次化威胁模型和面向过程的系统边界安全约束模型。在上述研究基础上,提出产品信息保密系统边界操作控制方法,包括基于规则的边界操作控制方法和基于约束关联的系统边界操作控制方法,通过上述方法,实现产品信息边界操作动态、实时控制,防止产品信息泄密。
研究面向保密管理的产品信息跟踪方法。通过建立产品信息状态模型,分析产品信息流动过程中的信息状态变化,建立面向过程的产品信息状态跟踪模型,实现产品信息位置跟踪;通过分析产品信息流动过程中信息间的关系,建立基于向量空间的产品信息拓扑结构模型,并对信息拓扑结构树进行形式化处理,实现产品信息关系跟踪。该方法为实现产品信息边界操作控制提供了必要的决策支持,是实现产品信息保密集成管理的基础。
以PMI模型为基础,从企业全局的角度研究面向过程控制的PMI授权管理方法。在分析PLM环境下权限管理的过程动态性基础上,对系统约束进行了层次划分,给出了系统约束集成模型,建立了基于T-RBAC的访问控制模型;针对企业对机密信息保密的特殊需求,利用基于T-RBAC的访问控制模型,提出了企业机密信息访问控制管理方法,着重研究机密信息保密管理的流程和特殊控制机制与方法;根据上述研究,将T-RBAC模型引入PMI角色模型,提出基于T-RBAC的PMI授权管理方法。该方法在保持原PMI模型优点基础上,能够实现基于角色、任务、角色和任务的3种访问控制,为企业信息保密管理提供保障。
将论文研究成果与工程实际结合,根据企业产品信息保密管理现状和具体管理需求状况,建立产品信息保密管理的系统软件原型及相应系统架构、功能等,给出了系统分析、系统设计方法,并对系统软件原型进行测试和分析。产品信息保密管理方法及其信息支持系统的研究,为产品信息保密管理的应用提供了一组基础性方法,有利于推动产品信息保密管理理论与实践的发展,对现阶段我国企业具有现实意义。
Information security is focused by both academic researchers and enterprise practitioners, and Product information is one of carrier with knowledge innovation in an enterprise,whose security management is important for enterprises development.With the development of enterprises information construction, the period of product information security management covers the whole product life, which increases the difficulty and complexity of management. Traditional product information management method becomes weak in dynamic and real-time product management, while it is an opportunity to the innovation of product information security management to build up the system of product information security management for PLM.
To deal with some problems in the product information security management, on the basis of analyzing the information security theories and application status in enterprises, according to the ideas of system theory and integration theory, a product information security management system framework and its implementation techniques are studied in the dissertation with different engineering methods.
The contents of product information security management are analyzed, and the paper builds product information model and product information assets model for security management. The product information security management framework structure is proposed based on analyzing the features and requirement of product information security management in PLM environment, which includes hierarchy structure and functional structure. And then the paper presents the key technologies of Product information security management and a system integration model based on filtering system according to the real difficulties for system integration process.
From the reduced complexity of perspective, a system boundary control method for product information security is proposed. By building the system boundary model, the security management objects in the system boundary are analyzed. And then a concept model for system boundary controlling objects, a hierarchical threat model based on system boundary and a security constrain model for system boundary controlling process are proposed. And on the base of the above models a system boundary control method for product information security management is presented including a system boundary operation control method based on rules and a system boundary operation control method on constrain relationships, which can achieve the dynamic, real-time control and prevent leakage of product information.
The method of controlling and managing product information flow is proposed. By analyzing the change characters in product information business process in PLM environment, a condition describing model of product information is presented, which realizes that dynamic conditions of product information can be tracked. Thus, a querying and tracking method for processes of product information based on information topologic structure Model is proposed through the relation study among product information, product information topologic structure and vector spaces, which realizes the process of locating and tracking quickly. The method provides the necessary decision support for product information security boundary operation control, and it is the base of product information security management.
From the overall view of enterprises an authorization management for process control based on PMI model is researched. By analyzing dynamic process of access control in PLM and hierarchical system constrains, an access control model based on T-RBAC is built. And to deal with special protection requirement for sensitive information, an access control method for sensitive information of enterprises is presented, which focuses on special control method for sensitive information managing process. According to the above study, by introducing T-RBAC model into PMI role mode a PMI security management method based on T-RBAC is proposed, which can support information security management with three ways of access control including access control based on role, task and role and task.
Combining the study result and security management situation in enterprise, an information system software prototype based on the product information security management conditions and requirements for enterprises is established including system framework,function model, system analysis method, system design method and system implementation method, which is tested and analyzed. The study of product information security management method and its support system is favorable to promoting information security management theory and practice with practically significant to enterprises.
本文针对企业产品信息保密管理存在的问题,在分析和研究国内外信息保密管理理论及其在企业应用现状的基础上,结合我国企业保密管理的实际需求,应用系统化、集成化的管理思想,研究了产品信息保密管理体系和相关技术方法。
论文分析了企业产品信息保密管理的内涵,建立了面向信息保密的产品信息模型和产品信息资产模型,并分析了PLM环境下产品信息保密的特征和产品信息保密管理的需求,以此为基础构建了产品信息保密管理的体系结构,分析了产品信息保密管理的层次结构和功能结构,提出了产品信息保密管理的关键技术,并根据系统集成的实际难点,提出基于系统过滤的系统集成模型。
从降低产品信息保密管理复杂度的角度,提出面向系统边界的产品信息保密控制方法。根据企业产品信息保密管理的现状和相关国际标准,建立产品信息保密系统边界模型,通过对产品信息保密系统边界的控制对象进行安全性分析,建立系统边界控制对象概念模型、基于系统边界的层次化威胁模型和面向过程的系统边界安全约束模型。在上述研究基础上,提出产品信息保密系统边界操作控制方法,包括基于规则的边界操作控制方法和基于约束关联的系统边界操作控制方法,通过上述方法,实现产品信息边界操作动态、实时控制,防止产品信息泄密。
研究面向保密管理的产品信息跟踪方法。通过建立产品信息状态模型,分析产品信息流动过程中的信息状态变化,建立面向过程的产品信息状态跟踪模型,实现产品信息位置跟踪;通过分析产品信息流动过程中信息间的关系,建立基于向量空间的产品信息拓扑结构模型,并对信息拓扑结构树进行形式化处理,实现产品信息关系跟踪。该方法为实现产品信息边界操作控制提供了必要的决策支持,是实现产品信息保密集成管理的基础。
以PMI模型为基础,从企业全局的角度研究面向过程控制的PMI授权管理方法。在分析PLM环境下权限管理的过程动态性基础上,对系统约束进行了层次划分,给出了系统约束集成模型,建立了基于T-RBAC的访问控制模型;针对企业对机密信息保密的特殊需求,利用基于T-RBAC的访问控制模型,提出了企业机密信息访问控制管理方法,着重研究机密信息保密管理的流程和特殊控制机制与方法;根据上述研究,将T-RBAC模型引入PMI角色模型,提出基于T-RBAC的PMI授权管理方法。该方法在保持原PMI模型优点基础上,能够实现基于角色、任务、角色和任务的3种访问控制,为企业信息保密管理提供保障。
将论文研究成果与工程实际结合,根据企业产品信息保密管理现状和具体管理需求状况,建立产品信息保密管理的系统软件原型及相应系统架构、功能等,给出了系统分析、系统设计方法,并对系统软件原型进行测试和分析。产品信息保密管理方法及其信息支持系统的研究,为产品信息保密管理的应用提供了一组基础性方法,有利于推动产品信息保密管理理论与实践的发展,对现阶段我国企业具有现实意义。
Information security is focused by both academic researchers and enterprise practitioners, and Product information is one of carrier with knowledge innovation in an enterprise,whose security management is important for enterprises development.With the development of enterprises information construction, the period of product information security management covers the whole product life, which increases the difficulty and complexity of management. Traditional product information management method becomes weak in dynamic and real-time product management, while it is an opportunity to the innovation of product information security management to build up the system of product information security management for PLM.
To deal with some problems in the product information security management, on the basis of analyzing the information security theories and application status in enterprises, according to the ideas of system theory and integration theory, a product information security management system framework and its implementation techniques are studied in the dissertation with different engineering methods.
The contents of product information security management are analyzed, and the paper builds product information model and product information assets model for security management. The product information security management framework structure is proposed based on analyzing the features and requirement of product information security management in PLM environment, which includes hierarchy structure and functional structure. And then the paper presents the key technologies of Product information security management and a system integration model based on filtering system according to the real difficulties for system integration process.
From the reduced complexity of perspective, a system boundary control method for product information security is proposed. By building the system boundary model, the security management objects in the system boundary are analyzed. And then a concept model for system boundary controlling objects, a hierarchical threat model based on system boundary and a security constrain model for system boundary controlling process are proposed. And on the base of the above models a system boundary control method for product information security management is presented including a system boundary operation control method based on rules and a system boundary operation control method on constrain relationships, which can achieve the dynamic, real-time control and prevent leakage of product information.
The method of controlling and managing product information flow is proposed. By analyzing the change characters in product information business process in PLM environment, a condition describing model of product information is presented, which realizes that dynamic conditions of product information can be tracked. Thus, a querying and tracking method for processes of product information based on information topologic structure Model is proposed through the relation study among product information, product information topologic structure and vector spaces, which realizes the process of locating and tracking quickly. The method provides the necessary decision support for product information security boundary operation control, and it is the base of product information security management.
From the overall view of enterprises an authorization management for process control based on PMI model is researched. By analyzing dynamic process of access control in PLM and hierarchical system constrains, an access control model based on T-RBAC is built. And to deal with special protection requirement for sensitive information, an access control method for sensitive information of enterprises is presented, which focuses on special control method for sensitive information managing process. According to the above study, by introducing T-RBAC model into PMI role mode a PMI security management method based on T-RBAC is proposed, which can support information security management with three ways of access control including access control based on role, task and role and task.
Combining the study result and security management situation in enterprise, an information system software prototype based on the product information security management conditions and requirements for enterprises is established including system framework,function model, system analysis method, system design method and system implementation method, which is tested and analyzed. The study of product information security management method and its support system is favorable to promoting information security management theory and practice with practically significant to enterprises.
引文
[1]陈宗舜.制造业信息化与信息编码[M].2004,北京:清华大学出版社.
[2]胡自新.装配型制造业传统生产管理模式的革命[EB].http://www.enet.com.cn/article/2007/0314/A20070314483652.shtml.北京,2007.
[3]杨海成.祁国宁.制造业信息化工程——背景、内容与案例.2003,北京:机械工业出版社.
[4]徐俊刚,企业管理信息化[EB].http://www.ceo114.com/pro/8/detail-96442.html.中国经理人,2004.4.
[5]张伯鹏.制造信息学[M].2003,北京:清华大学出版社.
[6]刘飞,杨丹,易树平.,制造系统理论体系框架及其应用.中国机械工程[J],1996.7(1):43-47.
[7]Dimitris Kiritsis,Ahmed Bufardi,Paul Xirouchakis. Research issues on product lifecycle management and information tracking using smart embedded systems. Computers in Industry[J],2007.58(8-9):855-868.
[8]梁晓燕,王如龙,王军丽,杨健.信息安全保密中信息泄密途径及其防护.微计算机应用[J],2004.25(4):406-411.
[9]杨海成,祁国宁.制造业信息化技术的发展趋势.中国机械工程[J],2005.15(19):1693-1697.
[10]赵战生,杜虹,吕述望.信息安全保密教程[M].2006,合肥:中国科学技术大学出版社.
[11]FBI,CSI.Computer Crime and Security Survey 2005[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2005.pdf. USA,2005.
[12]FBI.CSI.Computer Crime and Security Survey 2006[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2006.pdf. USA,2006.
[13]FBI,CSI.Computer Crime and Security Survey 2007[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2007.pdf. USA,2007.
[14]FBI,CSI.Computer Crime and Security Survey 2008[EB]. http://i.cmpnet.com/v2.gocsi.com/pdffCSIsurvey2008.pdf. USA,2008.
[15]2006中国计算机网络安全应急年会会议报告.国家计算机网络应急技术处理及协调中心[EB].http://www. cert.org.cn/articles/docs/common/2006112163190.shtml.北京,2006.
[16]潘飞.计算机信息系统的保密技术防范和管理.电子政务[J],2008:103-106.
[17]SMB. PCWorld. COM. CN. EMC收购RSA初见成效[EB].http://smb.pcworld. com. cn/1/2007/0328/343.shtml.2007.
[18],张建伦.微软制衡内容管理软件市场[EB].http://www.kmpro.cn/html/glss/glpt/20080311/5430.html.2008.
[19]收购战略:探究甲骨文的中间件之路[EB].http://pp.ppsj.com.cn.2008.
[20]AUTONOMY公司.AUTONOMY成功完成收购INTERWOVEN公司[EB].http://www.autonomy.com.cn/content/News/Releases/2009/0320.html.2009
[21]谢卫军.非传统安全视角下我国信息安全问题的危机管理,国际关系.2008,华东师范大学.
[22]张浩.钢铁制造业集成成本管理方法及应用研究,大连理工大学.2007,大连理工大学:大连.
[23]李明,吴忠.信息安全发展研究与综述.上海工程技术大学学报[J],2005.9.19(3):258-262.
[24]安东尼·布鲁斯.数据泄露监测方法谈.IT rader[J],2008.5:28-30.
[25]Finne,T. The Information security chain in a company.computers&security [J],1996. 115(4):297-317.
[26]Finne,T. A conceptual framework for information security management Computers & Security[J],1998.17(4):303-307.
[27]Finne, T. Information Systems Risk Management:Key Concepts and Business Processes Computers & Security [J],March 2000.19(3):234-242.
[28]Edge, M.Security is a process,Not a product. Computer Fraud & Security [J],2001. 2001(1):14-16.
[29]Daniel Mellado, E. F.-M.,Mario Piattini.A common criteria based security requirements engineering process for the development of secure information systems. Computer Standards & Interfaces[J],2007.29(2):244-253.
[30]Daniel Mellado, C. B.,Luis E. Sanchez,Eduardo Fernandez-Medina. A systematic review of security requirements engineering. Computer Standards & Interfaces [J],2010. 32(4):153-165.
[31]吕述望.知识安全与知识可控.信息安全与通讯保密[J],2004.3:11-15.
[32]刘远生.计算机网络安全[M].2006:清华大学出版社.
[33]韩锐生,徐开勇,赵彬.P2DR模型中策略部署模型的研究与设计.计算机工程[J],2008.34(20):180-184.
[34]沈昌祥.基于积极防御的安全保障框架.中国信息导报[J],2003.10:50-52.
[35]沈昌祥.高安全及信息系统等级保护建设整改技术框架.信息安全与通讯保密[J],2008.12:11-14.
[36]赵勇.重要信息系统安全体系结构及实用模型研[D](博士论文).2008,北京交通大学
[37]刘益和,沈昌祥.基于应用区域边界体系结构的安全模型.计算机科学[J],2006.33(2):83-86.
[38]陈兴蜀.应用区域边界的安全体系结构及实用模型研究[D](博士论文).2004,四川大学.
[39]Anderson, E. E.,Enterprise Information Security Strateies.computers&security[J], 2008.127(1-2):22-29.
[40]Eirik Albrechtsen, J. H.,The information security digital divide between information security managers and users.Computers & Security[J],2009.28(6):476-490.
[41]Mikko Siponen, R. W.,Information security management standards:Problems and solutions. Information & Management[J],2009.46(5):267-270.
[42]Srinivasan, V.,An integration framework for product lifecycle management Computer-Aided Design, In Press,Corrected Proof, Available online 10 December 2008 [J],10 December 2008. Available online.
[43].Kamel Rouibah,Dynamic data sharing and security in a collaborative product definition management system.Robotics and Computer-Integrated Manufacturing [J], 2007.23(2):217-233.
[44]Carlos Eduardo Pereira, L. C.,Distributed real-time embedded systems:Recent advances, future trends and their impact on manufacturing plant control Annual Reviews in Control[J],2007.31(1):81-92.
[45]Sudarsan Rachuri,E. S.,Abdelaziz Bouras, Steven J. Fenves, Sebti Foufou, Ram D. Sriram, Information sharing and exchange in the context of product lifecycle management:Role of standards. Computer-Aided Design[J],2008.40(7):789-800.
[46]Xiaoyu Yang, P.M.,Seng Kwong Chong, Intelligent products:From lifecycle data acquisition to enabling product-related services Computers in Industry[J], April,2009.60(3):189-184.
[47]盛可军,沈昌祥,刘吉强.基于组织机构的应用区域边界访问控制系统的研究.计算机工程与应用[J],2004.25:131-135.
[48]唐为民,韩臻,沈昌祥.一种基于角色的强制访问控制模型.北京交通大学学报[J],2010.4.34(2):6.
[49]Wood, C. C.,A context for information systems security planning. Computers & Security [J],1988.7(5):455-465.
[50]Maria Karyda, E.K.,Spyros Kokolakis, Information systems security policies:a contextual perspective. Computers & Security [J],2005.24(3):246-260.
[51]Basie,v.,Solms,Information Security-A Multidimensional Discipline. Computers & Security [J],2001.20(6):504-508.
[52]Diamini,M. T.,Information security:The moving target.computers&security [J],2009. 128(3-4):189-199.
[53]Hyeun-Suk Rhee, C.K. Self-Efficacy in Information Security:its Influence on End USers' Information Security Practice Behavior.computers&security 2009 URL.
[54]H. A. Kruger, W.D.K.,A prototype for assessing information security awareness. Computers & Security[J],2006.25(4):289-296.
[55]K. K. Leong, K. M. Y.,W. B. Lee, Product data allocation for distributed product data management system. Computers in Industry[J],2002.47(3):289-300.
[56]K. K. Leong, K. M. Y.,W. B. Lee, A security model for distributed product data management system. Computers in Industry[J],2003.50(2):179-193.
[57]Jan Woerner, H. W.,A security architecture integrated co-operative engineering platform for organised model exchange in a Digital Factory environment.Computers in Industry[J],2005.56(4):347-350.
[58]于万钧,刘大有,李嘉菲,李妮娅,刘全.面向产品生命周期的工作流管理功能建模.计算机集成制造系统[J],2005.11(7):909-1006.
[59]马广华,郑东.产品数据管理系统中的信息安全应用研究[D](硕士论文).2006,上海交通大学.
[60]纪丰伟,陈恳,刘敏,于晓强.产品数据管理系统安全体系的研究.中国机械工程[J],2002.13(2):149-153.
[61]赛迪顾问.2009年度中国信息安全产品市场研究年度报告[EB].2008.
[62]韩景丰,赵道致.基于博弈分析的供应链创新知识泄露风险与应对策略研究.组合机床与自动化加工技术[J],2008:104-110.
[63]沈建新,周儒荣.产品全生命周期管理系统框架及关键技术研究.南京航空航天大学学报[J],2003.35(5):565-572.
[64]王璐,韩磊,张海英,郝宁.全生命周期管理对企业信息化发展的思考.航天器环境工程[J],2007.24:397-401.
[65]Etiel Petrinja, V. S.,Z iga Turk, A provenance data management system for improving the product modelling process. Automation in Construction, [J],2007.16(4):485-497.
[66]李响烁,祁国宁.支持PLM系统开发实施的集成产品模型.浙江大学学报(工学版)[J],2008.42(3):418-425.
[67]E. Kritzinger, E. S.,Information security management.computers&security [J],2008. 127(5-6):224-231.
[68]王红艳,陈伟达.信息资产的界定与评估方法研究.东南大学学报(哲学社会科学版)[J],2001.3(4A):66-70.
[69]Kwo-Jean Farn, S.-K. L,Andrew Ren-Wei Fung,A study on information security management system evaluation—ssets,threat and vulnerability.Computer Standards & Interfaces[J],2004..26(6):512-524.
[70]R. Sudarsan, S.J. F.,R. D. Sriram, F. Wang, A product information modeling framework for product lifecycle management. Computer-Aided Design [J],2005. 37(13):1399-1412.
[71]舒启林,王成恩.产品全生命周期信息模型研究.计算机集成制造系统[J],2005.11(8):1051-1058.
[72]刘雪梅,王旭霞.全生命周期产品信息模型重庆大学学报(自然科学版)[J],2001.25(1):138-140.
[73]余志伟.面向业务过程的信息系统安全需求识别方法及其关键技术研究.[D](博士理论文).2006,浙江大学.
[74]Yacine Rezgui,A.M.,Information security awareness in higher education:An exploratory study. Computers & Security[J],2008.27(7-8):241-253.
[75]薛冬娟.复杂装备制造企业物料集成管理技术研究[D](博士理论文).2007,大连理工大学.
[76]程渤,浮花玲,杨国纬,庹先国.计算机集成制造系统,面向服务的企业集成体系中信息安全模型研究.[J],2005.11(8):8.
[77]张立涛,钱醒三.基于系统边界分析的信息安全管理斡件研究.管理工程学报[J],2006.20(3):57-61.
[78]Hong-Bae Jun, D. K.,Paul Xirouchakis,Research issues on closed-loop PLM. Computers in Industry[J],2007.58(8-9):855-868.
[79]I. Djordjevic, T. D.,N. Romano, D. Mac Randal, P. Ritrovato, Dynamic security perimeters for inter-enterprise service integration. Future Generation Computer Systems[J],2007.23(4):633-657.
[80]赵勇,刘吉强,韩臻,沈昌祥.信息泄露防御模型在企业内网安全中的应用.计算机研究与发展[J],2007.44(5):761-767.
[81]孙魏渊,宋斌.CIMS环境下PDM信息安全模型的研究和构建.湘潭大学自然科学学报,2003.25(2):22-25.
[82]Solms, B.v.,Information Security—A Multidimensional Discipline. Computers & Security[J],2001.20(6):504-508.
[83]孟学军,石岗.基于P2DR的网络安全体系机构.计算机工程[J],2004.30(4):99-102.
[84]Haralambos Mouratidis,P. G.,Gordon Manson,When security meets software engineering a case of modelling secure information systems.Information Systems[J],2005. 30(8):609-629.
[85]杨晓懿.基于内容分析的信息安全过滤技术研究[D](博士论文).2005,四川大学.
[86]Microsoft,MICROSOFT WINDOWS SERVER.2003 IFS DDK.2003.
[87]Carriso K.S.Tong,K. H. F., Henry Y. H. Huang, Implementation of IS017799 and BS7799 in picture archiving and communication system:local experience in implementation of BS7799 standard, in International Congress Series 2003.2003.p.311-318.
[88]许国志.系统科学[M].2000,上海:上海科技教育出版社.
[89]张立涛.基于系统边界分析的信息安全管理模型研究[D](博士论文).2005,上海理工大学.
[90]郭晓军,宋朝霞,汪玥.对信息系统边界定义的探讨.中国集体经济[J],2008:49-53.
[91]严广乐,王浣尘.边界沉思.管理科学学报[J],2000.3(1):79-85.
[92]Frank, A.,Egenhofer, M.,D.Hudson. The Design of Spatial Information Systems Part 1:Formal Systems[EB]. grouse.spatial.maine.edu/pub/SurveyEng/sve451/451.ps,2002.
[93]ISO, IEC.ISO/IEC 17799:2000 BS7799-1:2000 Information Technology-Code of practice for information security management[S].2000:ISO, IEC.
[94]周佑源.基于ISO27001的信息安全风险评估研究与实现[D](硕士论文).2007,北京交通大学.
[95]Mikko Siponen, R.W.,Information security management standards Problems and solutions. Information & Management[J],2009.46(5):267-271.
[96]Sundt,C.,Information security and the law.Information Security Technical Report [J],2006.11(1):2-9.
[97]肖龙.信息系统风险分析与量化评估,应用数学.2006,四川大学:四川.p.113.
[98]刘炜,刘鲁.基于ISM的知识系统安全性风险分析研究.计算机工程与应用[J],2006.14.
[99]杨彤,王能民.知识管理过程中的风险识别.情报方法[J],2005.2005(5):2-6.
[100]翁勇南.信息安全中内部威胁者行为倾向研究[D](硕士论文).2006,北京交通大学.
[101]Jussipekka Leiwo, L.-F. K.,Douglas L. Maskell,Nenad Stankovic, A technique for expressing IT security objectives. Information and Software Technology [J],2006. 48(7):532-539.
[102]Julie J.C. H. Ryan, D. J.R.,Expected benefits of information security investments. Computers & Security[J],2006.25(8):579-588.
[103]Evan E. Anderson, J. C.,Enterprise information security strategies.Computers & Security[J],2008.27(1-2):22-29.
[104]Jeffrey M. Stanton, K. R.S.,Paul Mastrangelo,Jeffrey Jolton, Analysis of end user security behaviors. Computers & Security[J],2005.24(2):124-133.
[105]Bogdan Ksiezopolski,Z. K.,Adaptable security mechanism for dynamic environments. Computers & Security[J],2007.26(3):246-255.
[106]谢钧,黄皓.基于可信级别的多级安全策略及其状态机模型.软件学报[J],2004.15(11):1700-1709.
[107]Y Cui,J. W. Practical Lineage Tracing in Data Warehouse[C].in. Proc.of the Sixteenth International Conference on Data Engineerin.2000.San Diego,Californi:IEEE.
[108]王生发,顾新建,张太华,郭剑锋,潘敏.协同设计中的知识流控制技术.农业机械学报[J],2008.39(11):122-127.
[109]许芳,徐国虎.知识管理中的知识流动分析.情报科学[J],2003.21(5)1:548-552.
[110]赵希男,刘炳东.基于拓扑结构的知识管理模式.科学学研究[J],2006.24(2):279-282.
[111]张丽,徐进.授权管理基础设施技术在企业权限管理中的应用.计算机应用[J],2005.25(11):2571-2574.
[112]杨丽琴,王凤英.TRBAC中的权限细分与访问控制策略.山东理工大学学报(自然科学版)[J],2007.21(2):88-92.
[113]Taeseong Kim, C. D. C.,William C. Regli,Hyunseung Choo, JungHyun Han, Multi-Level modeling and access control for data sharing in collaborative design. Advanced Engineering Informatics[J],2006.20(1):47-57.
[114]李新天,刘国勤,王庆福,杜栓平.基于三重数据加密标准的目标数据保密技术.声学与电子工程[J],2008:23-27.
[115]张世富,徐秋亮.信息系统中信息的保密技术的应用研究.山东通信技术[J];2004.24(3):27-29.
[116]Schultz,E. E.,The gap between cryptography and information security. Computers & Security[J],2002.21(8):674-677.
[117]翁健.基于身份的密钥泄漏保护机制的研究[D](博士论文).2008,上海交通大学.
[118]刘晓冰,白朝阳.基于身份认证的存储安全密钥管理方法[P]:中国,CN200910011579.0.2009.5
[119]Kandala S, S. R. Secure Role Based Workflow Models[C].the 15th Annual Working Conference on Database and Application Security.2002.Ontario,Canada:IEEE.
[120]Sejong O, S.P.,Task-role Based Access Control Mode.Information Systems[J],2003. 28(6):533-562.
[121]Sandhu R S, C. E. J.,和Feinstein H L, Role Based Access Control Models[IEEE Computer [J],1996.29(2):38-47.
[122]Vassilis Kapsalis, L. H.,Dimitris Karelis, Stavros Koubias, A Dynamic Context-aware Access Control Architecture for E-services. Computers & Security [J],2006. 25(7):507-521.
[123]F. L. Gutierrez Vela, J. L.I.M.,P. Paderewski Rodriguez, M. Sanchez Roman, B. Jimenez Valverde,An architecture for access control management in collaborative enterprise systems based on organization models. Science of Computer Programming [J],2007. 66(1):44-59.
[124]Javier Lopez, A.M.,Juan J. Ortega, Jose M. Troya, Mariemma I.Yague, Integrating PMI services in CORBA applications. Computer Standards & Interfaces [J],2003. 25(4):391-409.
[125]B Blobel,R. N.,J Mike Davisc and P Pharowa, Modelling privilege management and access control.International Journal of Medical Informatics [J],2006.75(8):597-627.
[126]WU Li-jun, S.K.-l.,YANG Zhi-hua, A Role-Based PMI Security Model for E-Governmen. Wuhan University Journal of Natural Science [J],2005.10(1):329-333.
[127]周文斌.基于角色访问控制的工作流管理系统的信息安全研究[D](硕士论文).2007.同济大学.
[128]杨志聪.基于PMI属性证书权限的访问控制判断研究与实现[D](硕士论文).2005,西南交通大学.
[129]尹志兵,黄红明,熊桂喜.一种基于PMI的访问控制模型及其应用.计算机工程[J],2004.30(1):121-124.
[130]Kary Framling, T.A.-R.,Mikko Karkkainen, Jan Holmstrom, Agent-based model for managing composite product information. Computers in Industry [J],2006. 57(1):72-81.
[131]黄梅.基于Agent的虚拟企业信息安全模型研究[D](硕士论文).2007,武汉理工大学.
[132]黄晶,刘大有,杨博,闫璞,王莉丽,贾海洋.基于中间件的Web智能系统集成开发平台 吉林大学学报(工学版)[J],2008.38(1):116-123.
[133]Haralambos Mouratidis,P. G.,Gordon Manson, Security Attack Testing(SAT)—testing the security of information systems at design time Information Systems[J],December 2007.32(8):1166-1183.
[2]胡自新.装配型制造业传统生产管理模式的革命[EB].http://www.enet.com.cn/article/2007/0314/A20070314483652.shtml.北京,2007.
[3]杨海成.祁国宁.制造业信息化工程——背景、内容与案例.2003,北京:机械工业出版社.
[4]徐俊刚,企业管理信息化[EB].http://www.ceo114.com/pro/8/detail-96442.html.中国经理人,2004.4.
[5]张伯鹏.制造信息学[M].2003,北京:清华大学出版社.
[6]刘飞,杨丹,易树平.,制造系统理论体系框架及其应用.中国机械工程[J],1996.7(1):43-47.
[7]Dimitris Kiritsis,Ahmed Bufardi,Paul Xirouchakis. Research issues on product lifecycle management and information tracking using smart embedded systems. Computers in Industry[J],2007.58(8-9):855-868.
[8]梁晓燕,王如龙,王军丽,杨健.信息安全保密中信息泄密途径及其防护.微计算机应用[J],2004.25(4):406-411.
[9]杨海成,祁国宁.制造业信息化技术的发展趋势.中国机械工程[J],2005.15(19):1693-1697.
[10]赵战生,杜虹,吕述望.信息安全保密教程[M].2006,合肥:中国科学技术大学出版社.
[11]FBI,CSI.Computer Crime and Security Survey 2005[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2005.pdf. USA,2005.
[12]FBI.CSI.Computer Crime and Security Survey 2006[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2006.pdf. USA,2006.
[13]FBI,CSI.Computer Crime and Security Survey 2007[EB]. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2007.pdf. USA,2007.
[14]FBI,CSI.Computer Crime and Security Survey 2008[EB]. http://i.cmpnet.com/v2.gocsi.com/pdffCSIsurvey2008.pdf. USA,2008.
[15]2006中国计算机网络安全应急年会会议报告.国家计算机网络应急技术处理及协调中心[EB].http://www. cert.org.cn/articles/docs/common/2006112163190.shtml.北京,2006.
[16]潘飞.计算机信息系统的保密技术防范和管理.电子政务[J],2008:103-106.
[17]SMB. PCWorld. COM. CN. EMC收购RSA初见成效[EB].http://smb.pcworld. com. cn/1/2007/0328/343.shtml.2007.
[18],张建伦.微软制衡内容管理软件市场[EB].http://www.kmpro.cn/html/glss/glpt/20080311/5430.html.2008.
[19]收购战略:探究甲骨文的中间件之路[EB].http://pp.ppsj.com.cn.2008.
[20]AUTONOMY公司.AUTONOMY成功完成收购INTERWOVEN公司[EB].http://www.autonomy.com.cn/content/News/Releases/2009/0320.html.2009
[21]谢卫军.非传统安全视角下我国信息安全问题的危机管理,国际关系.2008,华东师范大学.
[22]张浩.钢铁制造业集成成本管理方法及应用研究,大连理工大学.2007,大连理工大学:大连.
[23]李明,吴忠.信息安全发展研究与综述.上海工程技术大学学报[J],2005.9.19(3):258-262.
[24]安东尼·布鲁斯.数据泄露监测方法谈.IT rader[J],2008.5:28-30.
[25]Finne,T. The Information security chain in a company.computers&security [J],1996. 115(4):297-317.
[26]Finne,T. A conceptual framework for information security management Computers & Security[J],1998.17(4):303-307.
[27]Finne, T. Information Systems Risk Management:Key Concepts and Business Processes Computers & Security [J],March 2000.19(3):234-242.
[28]Edge, M.Security is a process,Not a product. Computer Fraud & Security [J],2001. 2001(1):14-16.
[29]Daniel Mellado, E. F.-M.,Mario Piattini.A common criteria based security requirements engineering process for the development of secure information systems. Computer Standards & Interfaces[J],2007.29(2):244-253.
[30]Daniel Mellado, C. B.,Luis E. Sanchez,Eduardo Fernandez-Medina. A systematic review of security requirements engineering. Computer Standards & Interfaces [J],2010. 32(4):153-165.
[31]吕述望.知识安全与知识可控.信息安全与通讯保密[J],2004.3:11-15.
[32]刘远生.计算机网络安全[M].2006:清华大学出版社.
[33]韩锐生,徐开勇,赵彬.P2DR模型中策略部署模型的研究与设计.计算机工程[J],2008.34(20):180-184.
[34]沈昌祥.基于积极防御的安全保障框架.中国信息导报[J],2003.10:50-52.
[35]沈昌祥.高安全及信息系统等级保护建设整改技术框架.信息安全与通讯保密[J],2008.12:11-14.
[36]赵勇.重要信息系统安全体系结构及实用模型研[D](博士论文).2008,北京交通大学
[37]刘益和,沈昌祥.基于应用区域边界体系结构的安全模型.计算机科学[J],2006.33(2):83-86.
[38]陈兴蜀.应用区域边界的安全体系结构及实用模型研究[D](博士论文).2004,四川大学.
[39]Anderson, E. E.,Enterprise Information Security Strateies.computers&security[J], 2008.127(1-2):22-29.
[40]Eirik Albrechtsen, J. H.,The information security digital divide between information security managers and users.Computers & Security[J],2009.28(6):476-490.
[41]Mikko Siponen, R. W.,Information security management standards:Problems and solutions. Information & Management[J],2009.46(5):267-270.
[42]Srinivasan, V.,An integration framework for product lifecycle management Computer-Aided Design, In Press,Corrected Proof, Available online 10 December 2008 [J],10 December 2008. Available online.
[43].Kamel Rouibah,Dynamic data sharing and security in a collaborative product definition management system.Robotics and Computer-Integrated Manufacturing [J], 2007.23(2):217-233.
[44]Carlos Eduardo Pereira, L. C.,Distributed real-time embedded systems:Recent advances, future trends and their impact on manufacturing plant control Annual Reviews in Control[J],2007.31(1):81-92.
[45]Sudarsan Rachuri,E. S.,Abdelaziz Bouras, Steven J. Fenves, Sebti Foufou, Ram D. Sriram, Information sharing and exchange in the context of product lifecycle management:Role of standards. Computer-Aided Design[J],2008.40(7):789-800.
[46]Xiaoyu Yang, P.M.,Seng Kwong Chong, Intelligent products:From lifecycle data acquisition to enabling product-related services Computers in Industry[J], April,2009.60(3):189-184.
[47]盛可军,沈昌祥,刘吉强.基于组织机构的应用区域边界访问控制系统的研究.计算机工程与应用[J],2004.25:131-135.
[48]唐为民,韩臻,沈昌祥.一种基于角色的强制访问控制模型.北京交通大学学报[J],2010.4.34(2):6.
[49]Wood, C. C.,A context for information systems security planning. Computers & Security [J],1988.7(5):455-465.
[50]Maria Karyda, E.K.,Spyros Kokolakis, Information systems security policies:a contextual perspective. Computers & Security [J],2005.24(3):246-260.
[51]Basie,v.,Solms,Information Security-A Multidimensional Discipline. Computers & Security [J],2001.20(6):504-508.
[52]Diamini,M. T.,Information security:The moving target.computers&security [J],2009. 128(3-4):189-199.
[53]Hyeun-Suk Rhee, C.K. Self-Efficacy in Information Security:its Influence on End USers' Information Security Practice Behavior.computers&security 2009 URL.
[54]H. A. Kruger, W.D.K.,A prototype for assessing information security awareness. Computers & Security[J],2006.25(4):289-296.
[55]K. K. Leong, K. M. Y.,W. B. Lee, Product data allocation for distributed product data management system. Computers in Industry[J],2002.47(3):289-300.
[56]K. K. Leong, K. M. Y.,W. B. Lee, A security model for distributed product data management system. Computers in Industry[J],2003.50(2):179-193.
[57]Jan Woerner, H. W.,A security architecture integrated co-operative engineering platform for organised model exchange in a Digital Factory environment.Computers in Industry[J],2005.56(4):347-350.
[58]于万钧,刘大有,李嘉菲,李妮娅,刘全.面向产品生命周期的工作流管理功能建模.计算机集成制造系统[J],2005.11(7):909-1006.
[59]马广华,郑东.产品数据管理系统中的信息安全应用研究[D](硕士论文).2006,上海交通大学.
[60]纪丰伟,陈恳,刘敏,于晓强.产品数据管理系统安全体系的研究.中国机械工程[J],2002.13(2):149-153.
[61]赛迪顾问.2009年度中国信息安全产品市场研究年度报告[EB].2008.
[62]韩景丰,赵道致.基于博弈分析的供应链创新知识泄露风险与应对策略研究.组合机床与自动化加工技术[J],2008:104-110.
[63]沈建新,周儒荣.产品全生命周期管理系统框架及关键技术研究.南京航空航天大学学报[J],2003.35(5):565-572.
[64]王璐,韩磊,张海英,郝宁.全生命周期管理对企业信息化发展的思考.航天器环境工程[J],2007.24:397-401.
[65]Etiel Petrinja, V. S.,Z iga Turk, A provenance data management system for improving the product modelling process. Automation in Construction, [J],2007.16(4):485-497.
[66]李响烁,祁国宁.支持PLM系统开发实施的集成产品模型.浙江大学学报(工学版)[J],2008.42(3):418-425.
[67]E. Kritzinger, E. S.,Information security management.computers&security [J],2008. 127(5-6):224-231.
[68]王红艳,陈伟达.信息资产的界定与评估方法研究.东南大学学报(哲学社会科学版)[J],2001.3(4A):66-70.
[69]Kwo-Jean Farn, S.-K. L,Andrew Ren-Wei Fung,A study on information security management system evaluation—ssets,threat and vulnerability.Computer Standards & Interfaces[J],2004..26(6):512-524.
[70]R. Sudarsan, S.J. F.,R. D. Sriram, F. Wang, A product information modeling framework for product lifecycle management. Computer-Aided Design [J],2005. 37(13):1399-1412.
[71]舒启林,王成恩.产品全生命周期信息模型研究.计算机集成制造系统[J],2005.11(8):1051-1058.
[72]刘雪梅,王旭霞.全生命周期产品信息模型重庆大学学报(自然科学版)[J],2001.25(1):138-140.
[73]余志伟.面向业务过程的信息系统安全需求识别方法及其关键技术研究.[D](博士理论文).2006,浙江大学.
[74]Yacine Rezgui,A.M.,Information security awareness in higher education:An exploratory study. Computers & Security[J],2008.27(7-8):241-253.
[75]薛冬娟.复杂装备制造企业物料集成管理技术研究[D](博士理论文).2007,大连理工大学.
[76]程渤,浮花玲,杨国纬,庹先国.计算机集成制造系统,面向服务的企业集成体系中信息安全模型研究.[J],2005.11(8):8.
[77]张立涛,钱醒三.基于系统边界分析的信息安全管理斡件研究.管理工程学报[J],2006.20(3):57-61.
[78]Hong-Bae Jun, D. K.,Paul Xirouchakis,Research issues on closed-loop PLM. Computers in Industry[J],2007.58(8-9):855-868.
[79]I. Djordjevic, T. D.,N. Romano, D. Mac Randal, P. Ritrovato, Dynamic security perimeters for inter-enterprise service integration. Future Generation Computer Systems[J],2007.23(4):633-657.
[80]赵勇,刘吉强,韩臻,沈昌祥.信息泄露防御模型在企业内网安全中的应用.计算机研究与发展[J],2007.44(5):761-767.
[81]孙魏渊,宋斌.CIMS环境下PDM信息安全模型的研究和构建.湘潭大学自然科学学报,2003.25(2):22-25.
[82]Solms, B.v.,Information Security—A Multidimensional Discipline. Computers & Security[J],2001.20(6):504-508.
[83]孟学军,石岗.基于P2DR的网络安全体系机构.计算机工程[J],2004.30(4):99-102.
[84]Haralambos Mouratidis,P. G.,Gordon Manson,When security meets software engineering a case of modelling secure information systems.Information Systems[J],2005. 30(8):609-629.
[85]杨晓懿.基于内容分析的信息安全过滤技术研究[D](博士论文).2005,四川大学.
[86]Microsoft,MICROSOFT WINDOWS SERVER.2003 IFS DDK.2003.
[87]Carriso K.S.Tong,K. H. F., Henry Y. H. Huang, Implementation of IS017799 and BS7799 in picture archiving and communication system:local experience in implementation of BS7799 standard, in International Congress Series 2003.2003.p.311-318.
[88]许国志.系统科学[M].2000,上海:上海科技教育出版社.
[89]张立涛.基于系统边界分析的信息安全管理模型研究[D](博士论文).2005,上海理工大学.
[90]郭晓军,宋朝霞,汪玥.对信息系统边界定义的探讨.中国集体经济[J],2008:49-53.
[91]严广乐,王浣尘.边界沉思.管理科学学报[J],2000.3(1):79-85.
[92]Frank, A.,Egenhofer, M.,D.Hudson. The Design of Spatial Information Systems Part 1:Formal Systems[EB]. grouse.spatial.maine.edu/pub/SurveyEng/sve451/451.ps,2002.
[93]ISO, IEC.ISO/IEC 17799:2000 BS7799-1:2000 Information Technology-Code of practice for information security management[S].2000:ISO, IEC.
[94]周佑源.基于ISO27001的信息安全风险评估研究与实现[D](硕士论文).2007,北京交通大学.
[95]Mikko Siponen, R.W.,Information security management standards Problems and solutions. Information & Management[J],2009.46(5):267-271.
[96]Sundt,C.,Information security and the law.Information Security Technical Report [J],2006.11(1):2-9.
[97]肖龙.信息系统风险分析与量化评估,应用数学.2006,四川大学:四川.p.113.
[98]刘炜,刘鲁.基于ISM的知识系统安全性风险分析研究.计算机工程与应用[J],2006.14.
[99]杨彤,王能民.知识管理过程中的风险识别.情报方法[J],2005.2005(5):2-6.
[100]翁勇南.信息安全中内部威胁者行为倾向研究[D](硕士论文).2006,北京交通大学.
[101]Jussipekka Leiwo, L.-F. K.,Douglas L. Maskell,Nenad Stankovic, A technique for expressing IT security objectives. Information and Software Technology [J],2006. 48(7):532-539.
[102]Julie J.C. H. Ryan, D. J.R.,Expected benefits of information security investments. Computers & Security[J],2006.25(8):579-588.
[103]Evan E. Anderson, J. C.,Enterprise information security strategies.Computers & Security[J],2008.27(1-2):22-29.
[104]Jeffrey M. Stanton, K. R.S.,Paul Mastrangelo,Jeffrey Jolton, Analysis of end user security behaviors. Computers & Security[J],2005.24(2):124-133.
[105]Bogdan Ksiezopolski,Z. K.,Adaptable security mechanism for dynamic environments. Computers & Security[J],2007.26(3):246-255.
[106]谢钧,黄皓.基于可信级别的多级安全策略及其状态机模型.软件学报[J],2004.15(11):1700-1709.
[107]Y Cui,J. W. Practical Lineage Tracing in Data Warehouse[C].in. Proc.of the Sixteenth International Conference on Data Engineerin.2000.San Diego,Californi:IEEE.
[108]王生发,顾新建,张太华,郭剑锋,潘敏.协同设计中的知识流控制技术.农业机械学报[J],2008.39(11):122-127.
[109]许芳,徐国虎.知识管理中的知识流动分析.情报科学[J],2003.21(5)1:548-552.
[110]赵希男,刘炳东.基于拓扑结构的知识管理模式.科学学研究[J],2006.24(2):279-282.
[111]张丽,徐进.授权管理基础设施技术在企业权限管理中的应用.计算机应用[J],2005.25(11):2571-2574.
[112]杨丽琴,王凤英.TRBAC中的权限细分与访问控制策略.山东理工大学学报(自然科学版)[J],2007.21(2):88-92.
[113]Taeseong Kim, C. D. C.,William C. Regli,Hyunseung Choo, JungHyun Han, Multi-Level modeling and access control for data sharing in collaborative design. Advanced Engineering Informatics[J],2006.20(1):47-57.
[114]李新天,刘国勤,王庆福,杜栓平.基于三重数据加密标准的目标数据保密技术.声学与电子工程[J],2008:23-27.
[115]张世富,徐秋亮.信息系统中信息的保密技术的应用研究.山东通信技术[J];2004.24(3):27-29.
[116]Schultz,E. E.,The gap between cryptography and information security. Computers & Security[J],2002.21(8):674-677.
[117]翁健.基于身份的密钥泄漏保护机制的研究[D](博士论文).2008,上海交通大学.
[118]刘晓冰,白朝阳.基于身份认证的存储安全密钥管理方法[P]:中国,CN200910011579.0.2009.5
[119]Kandala S, S. R. Secure Role Based Workflow Models[C].the 15th Annual Working Conference on Database and Application Security.2002.Ontario,Canada:IEEE.
[120]Sejong O, S.P.,Task-role Based Access Control Mode.Information Systems[J],2003. 28(6):533-562.
[121]Sandhu R S, C. E. J.,和Feinstein H L, Role Based Access Control Models[IEEE Computer [J],1996.29(2):38-47.
[122]Vassilis Kapsalis, L. H.,Dimitris Karelis, Stavros Koubias, A Dynamic Context-aware Access Control Architecture for E-services. Computers & Security [J],2006. 25(7):507-521.
[123]F. L. Gutierrez Vela, J. L.I.M.,P. Paderewski Rodriguez, M. Sanchez Roman, B. Jimenez Valverde,An architecture for access control management in collaborative enterprise systems based on organization models. Science of Computer Programming [J],2007. 66(1):44-59.
[124]Javier Lopez, A.M.,Juan J. Ortega, Jose M. Troya, Mariemma I.Yague, Integrating PMI services in CORBA applications. Computer Standards & Interfaces [J],2003. 25(4):391-409.
[125]B Blobel,R. N.,J Mike Davisc and P Pharowa, Modelling privilege management and access control.International Journal of Medical Informatics [J],2006.75(8):597-627.
[126]WU Li-jun, S.K.-l.,YANG Zhi-hua, A Role-Based PMI Security Model for E-Governmen. Wuhan University Journal of Natural Science [J],2005.10(1):329-333.
[127]周文斌.基于角色访问控制的工作流管理系统的信息安全研究[D](硕士论文).2007.同济大学.
[128]杨志聪.基于PMI属性证书权限的访问控制判断研究与实现[D](硕士论文).2005,西南交通大学.
[129]尹志兵,黄红明,熊桂喜.一种基于PMI的访问控制模型及其应用.计算机工程[J],2004.30(1):121-124.
[130]Kary Framling, T.A.-R.,Mikko Karkkainen, Jan Holmstrom, Agent-based model for managing composite product information. Computers in Industry [J],2006. 57(1):72-81.
[131]黄梅.基于Agent的虚拟企业信息安全模型研究[D](硕士论文).2007,武汉理工大学.
[132]黄晶,刘大有,杨博,闫璞,王莉丽,贾海洋.基于中间件的Web智能系统集成开发平台 吉林大学学报(工学版)[J],2008.38(1):116-123.
[133]Haralambos Mouratidis,P. G.,Gordon Manson, Security Attack Testing(SAT)—testing the security of information systems at design time Information Systems[J],December 2007.32(8):1166-1183.