一种信息系统生存性的量化分析框架
A Framework of Quantitative Analysis for Information System Survivability
-
摘要: 生存性是信息系统在安全性之上必需考虑的问题,对其量化分析可对系统生存性做出更为准确的评价以改进系统。基于有限状态机描述信息系统,利用系统状态转移图来定义生存性分析过程,而系统状态的层次化结构避免了Markov链模型中的列举系统状态问题。在SNA方法的基础上,提出一种便于计算机实现的生存性量化分析框架:通过系统定义、系统生存性测试和生存性计算,最后给出分析报告。其中基于事件分类分级建立的事件库使得测试方案的生成自动化和客观化,系统的生存性通过层次化的方式从可抵抗性、可识别性和可恢复性3个方面进行了量化计算。Abstract: Survivability should be considered beyond security for information system, and quantitative analysis can assess system survivability accurately for improvement. Information system is presented by finite state machine and its state transition map is used to describe analysis process, where the hierarchical structure of system state avoids the problem of enumerating states in Markov chain model. Based on SNA method, a framework of quantitative analysis is introduced: defining system, testing systems survivability, computing survivability, and giving analysis report finally, which is easily implemented by computer. In the framework, the event database which is based on event classification and grade makes creating test project automatically and objectively, and survivability is computed through resistance, recognition and recovery in a hierarchical process.
计量
- 文章访问数: 2726
- HTML全文浏览量: 110
- PDF下载量: 958
- 被引次数: 0