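Affiliations: [1] School of Computer Science, Xidian University, Xi'an, Shaanxi 710071; [2] PLA Information Engineering University, Zhengzhou, Henan 450001; [3] School of Computer Science, Northwestern Polytechnical University, Xi'an, Shaanxi 710129; [4] Beijing Zhongtou Kexin Technology Development Co., Ltd. (北京中投科信科技发展有限公司), Beijing 100055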
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2014, No. 7, pp. 63-65, 70 (4 pages)
Abstract: To address the problem of quantitatively analyzing and proving the possibility that indirect unauthorized access exists in a system, a quantitative analysis theory based on security entropy is proposed. First, the concept of security entropy is introduced, drawing on information theory, and a method is given for calculating the uncertainty of the system's response to indirect unauthorized access behaviors. Then, an indirect security theorem for the system is proposed based on security entropy, which serves as the basis for judging whether indirect unauthorized access may exist in the system. Finally, the method is applied to quantitatively analyze classic security models, which verifies its practicality. The results show that the method is suitable for evaluating and proving the ability of a system or an access control model to protect against indirect unauthorized access.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]