A Sensitivity Measurement for Sensitive Information Processing

Cited by: 4


Authors: 沙乐天[1], 傅建明[1], 陈晶[1], 黄诗勇

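Affiliation: [1] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072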

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2014, No. 5, pp. 1050-1060, 11 pages in total

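Funding: National Science and Technology Major Project (2010ZX03006-001-01); National Natural Science Foundation of China (61202387, 90718005, 61272451); Specialized Research Fund for the Doctoral Program of Higher Education (20120141110002)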

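Abstract: Application software generally needs to accept and process sensitive information, such as passwords, to achieve reliable authentication and secure interaction between the user and a remote server. Quantitatively measuring the security of sensitive information during its processing is a difficult problem in current research. Based on the workflow of sensitive information processing and the context of the points where sensitive information appears, the paper defines the inherent properties, variable properties and inferred properties of sensitive information processing, designs mapping rules from the inherent and variable properties to data operations, and proposes a sensitivity calculation method based on the analytic hierarchy process (AHP) and the compromise multi-attribute decision-making method TOPSIS (technique for order preference by similarity to an ideal solution). This enables quantitative calculation of sensitivity, shows how sensitivity changes dynamically during sensitive information processing, and supports the security protection of sensitive information processing. The method can be applied to the security analysis and trust measurement of trustworthy software. Finally, experiments analyze the sensitivity changes of 3 kinds of sensitive information during processing and find potentially dangerous points in sensitive information processing, confirming the effectiveness of the method.

Application software needs to use sensitive information to build up the authentication between client and server, so how to measure the security or sensitivity of sensitive information during processing is an open issue. According to the procedure of sensitive information processing and the context of its occurrence, inherent property, variable property and inferred property have been defined, the mapping rules from these properties to data operations have been designed, and a method of sensitivity calculation based on AHP (analytic hierarchy process) and TOPSIS (technique for order preference by similarity to an ideal solution) has been proposed. This method can demonstrate dynamic changes of sensitivity during sensitive information processing to support security protection against information leakage and attacks, and can be applied to security analysis and trust measurement of trustworthy software that handles sensitive information. Finally, experimental results demonstrate that this method can describe sensitivity changes during sensitive information processing and discover the potentially dangerous points in this processing, so its effectiveness has been verified.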

Keywords: trustworthy software; trust measurement; sensitive information; sensitivity; compromise decision-making method

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
