| 信息安全产品安全保证量化评估方法研究 |
| |
| 引用本文: | 陈驰,冯登国,徐震.信息安全产品安全保证量化评估方法研究[J].电子学报,2007,35(10):1886-1891. |
| |
| 作者姓名: | 陈驰 冯登国 徐震 |
| |
| 作者单位: | 中国科学院软件研究所信息安全国家重点实验室,北京,100080 |
| |
| 基金项目: | 国家863高技术研究发展计划(No.2004AA147070),国家自然科学基金(No.60603017) |
| |
| 摘 要: | CC标准进行信息安全产品测评时,传统评估方法使用二值逻辑表示评价结果,只能定性评估,不能体现安全保证量的差异.本文提出依据保护轮廓构建评估框架的方法;将评估员对组件的评价定义为三角模糊数的形式;提出底线折衷法综合各组件评价得出TOE(评估对象)安全保证的量化表示.最后,通过实例表明这是一种CC标准框架下的可操作和较为合理的信息安全产品测评方法.
|
| 关 键 词: | 量化评估 保护轮廓 评估框架 模糊数 底线折衷法 |
| 文章编号: | 0372-2112(2007)10-1886-06 |
| 修稿时间: | 2006-09-01 |
A Research on Quantitative Evaluation the Assurance of Information Security Products |
| |
| CHEN Chi,FENG Deng-guo,XU Zhen.A Research on Quantitative Evaluation the Assurance of Information Security Products[J].Acta Electronica Sinica,2007,35(10):1886-1891. |
| |
| Authors: | CHEN Chi FENG Deng-guo XU Zhen |
| |
| Affiliation: | State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080, China |
| |
| Abstract: | The traditional evaluation method of information security product using boolean variable to describe the evaluation result,which cannot show the quantitative deference of security assurance.In this paper,we present the method to construct assurance evaluation frame,using Fuzzy Quantity to define the evaluation result of evaluator,then present Baseline-Compromise Method,which can integrate the security attribute of each component.Examples in this paper and the application in evaluation platform show that this is an operable and impersonal approach to describe the TOE security assurance quantitatively. |
| |
| Keywords: | quantitative evaluation protect profile evaluation frame fuzzy quantity baseline-compromise method |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
