English translation: ABSTRACT Security assessment is largely ad hoc today due to its inherent complexity. The existing methods are typically experimental in nature, highly dependent on the assessor's experience, and the security metrics are usually qualitative. W
Source: 学生作业帮助网   Editor: 作业帮   Time: 2024/11/18 04:51:24
English translation
ABSTRACT
Security assessment is largely ad hoc today due to its inherent complexity. The existing methods are typically experimental in nature, highly dependent on the assessor's experience, and the security metrics are usually qualitative. We propose to address the dual problems of experimental analysis and qualitative metrics by developing two complementary approaches for security assessment: (1) analytical modeling, and (2) metrics-based assessment. To avoid experimental evaluation, we put forward a formal model that permits the accurate and scientific analysis of different security attributes and security flaws. To avoid qualitative metrics leading to ambiguous conclusions, we put forward a collection of mathematical formulas based on which quantitative metrics can be derived. The vulnerability analysis model responds to the need for a theoretical foundation for modeling information security, and security metrics are the cornerstone of risk analysis and security management. In addition to the security analysis approach, we discuss security testing methods as well. A Relative Complete Coverage (RCC) principle is proposed along with an example of applying the RCC principle. The innovative ideas proposed in this paper include a hierarchical multi-level modeling approach to modeling vulnerability using model composition and refinement techniques, a data-centric, quantitative metrics mechanism, and multidimensional assessment capturing both process and product elements in a formalized framework.
Abstract:
Today's security assessment, owing to its inherent complexity, is for the most part specially tailored (ad hoc). The existing assessment methods are generally experimental in nature (note: I think this should be "empirical", i.e. experience-based), and depend heavily on the assessor's personal experience; security metrics are also generally qualitative. To deal with the dual problems of (relying only on) experimental analysis and qualitative metrics, we propose two complementary approaches: 1) modeling-based analysis; 2) metrics-based assessment. To avoid experimental analysis (note: this should be empirical analysis, "empirical evaluation"), we give a model that can scientifically and accurately analyze different security attributes and vulnerabilities; and to avoid the ambiguous conclusions that qualitative metrics lead to, we use a collection of mathematical formulas from which quantitative metrics can be derived. (Such a) vulnerability analysis model is a response to the need for a theoretical foundation for modeling information security, while security metrics are the important cornerstone of risk analysis and security management.
In addition to the security (assessment) analysis approach, we also discuss security testing methods, proposing a principle called Relative Complete Coverage (RCC) and presenting a related application example. These pioneering ideas include using a hierarchical multi-level modeling approach together with stepwise refinement techniques to build a component-based vulnerability model; a data-centric quantitative metrics mechanism; and a multidimensional analysis that captures both process and outcome elements within a standard framework.