| This paper presents a novel approach to the security evaluation of information system: OOSD approach. During to the absence of evaluation theory, most of the security evaluation is informal, random, and low efficiency in practice. The organization need standards to regular their evaluation for the huge information system and network. Basing the model of Object Oriented Security Description (OOSD), the author gives a formal, open and clear framework for security evaluation. And in order to describe the security of information system more accurately, the author gives a set of related guidelines.The approach is mainly for information system which needs strong access control. It is a kind of quick-operating approach which lays particular stress on technical analysis and intrusion protection. By the approach, people can describe asset and build maintenance document more clearly, run evaluation project with more flexible period, disassemble task and reuse sub-process more easily and have a more open framework for cooperation. And the approach provides direction for roboticized evaluation software design.Most of the methods provided by the paper is easy to integrated into evaluation software and work automatically. It must be significative for information system managing, especially for huge information system.This paper consists of five chapters. The first chapter introduces the importance and summarizes related research. The second chapter introduces currently theory of security evaluation. The third chapter provides OOSD approach. In the fourth chapter, the author builds a set of guidelines to assist appliance of the approach. The fifth chapter summarizes the paper and indicates the future work. |
PDF Full Text Request