The Application of an Object-Oriented Method in Information System Security Evaluation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3688)

Abstract

It is essential for critical systems to measure their security status. However, research on information system security evaluation still faces many difficulties, which are caused by the complexity of the system and the inexplicit relation between component security and system security. In this paper, an object-oriented information system security evaluation method is introduced, and a security context object model and a security evaluation object model are established. These models resolve the current problems, and a set of information system security evaluation tools has been developed based on this work. The application of the tools is introduced, and the deficiencies that need further improvement are also pointed out.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yan, Q., Shu, Hy. (2005). The Application of an Object-Oriented Method in Information System Security Evaluation. In: Winther, R., Gran, B.A., Dahll, G. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2005. Lecture Notes in Computer Science, vol 3688. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563228_27

  • DOI: https://doi.org/10.1007/11563228_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29200-5

  • Online ISBN: 978-3-540-32000-5

  • eBook Packages: Computer Science, Computer Science (R0)