
Research on Survivability Analysis for Network Information Systems (网络信息系统生存性分析研究)

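【Author】 Lin Xuegang (林雪纲)

【Advisors】 Zhu Miaoliang (朱淼良); Xu Rongsheng (许榕生)

【Author information】 Zhejiang University, Computer Science and Technology, 2006, PhD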

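【Summary】 As modern society becomes increasingly information-based, information systems play a pivotal role in daily life. Although traditional security measures have improved the security of information systems, intrusion incidents of all kinds continue to occur. It is therefore necessary to consider whether a system can still provide service that satisfies its users after an intrusion has occurred; this is survivability. Research on information system survivability comprises two major fields, survivability design and survivability analysis. Survivability analysis focuses on how to evaluate the survivability of a system, with the goal of providing a standard evaluation criterion so that survivability certification can be carried out in the same way as information security level certification. The history of research on information system survivability is not long and the field is far from mature: the definition of survivability has not been unified, and most research remains at the level of qualitative analysis and theoretical quantitative analysis, still far from quantitative survivability analysis that can really be applied in practice. This thesis explores the quantitative analysis of information system survivability, and studies mainly the following aspects involved in quantitative analysis. First, information system survivability is compared with the related concepts of reliability, fault tolerance and QoS, and a definition of survivability is described using formal methods, starting from the relationship between the system and its environment. Second, based on the open and complex nature of information systems, the whole survivability analysis problem is divided into three subproblems, namely system, environment and analysis process, and a model is proposed for each. The three models take full account of feasibility in actual analysis: system components are organized around system services, which avoids the complexity of the system; the system environment is defined through the grading of events and the combination of different events; and a hierarchical structure of system states avoids the direct definition of system states and the analysis of state transitions found in traditional system-state-based analysis models. Third, a survivability analysis framework for information systems, SAF-NIS, is proposed. The framework divides the whole analysis flow into seven steps, which can be summarized as four phases corresponding to the analysis models: system definition, environment definition, survivability testing and result analysis. Compared with the SNA method, this analysis framework ultimately achieves quantitative analysis of survivability, and the analysis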

【Abstract】 As we turn into an information society, information systems are becoming more important to people's everyday life. Though traditional security measures can improve an information system's security, intrusions of all kinds continue as before. We must therefore consider whether a system can provide satisfactory service after it has been intruded, and this is called survivability. Research on survivability has two major fields: survivability design and survivability analysis. The latter mostly studies how to evaluate system survivability, and its purpose is to provide an evaluation standard for realizing survivability certification. The history of research on information system survivability is not long, and the results are far from mature, which can be summarized as follows: the definition of survivability has not been unified, and most research is on qualitative analysis and theoretical quantitative analysis, which is far from being applied in practice. This thesis focuses on a quantitative analysis framework for information systems, which is composed of the following aspects. Firstly, based on a comparison of survivability with related concepts such as dependability, fault tolerance and QoS, a formal definition of information system survivability is given, based on the relations between the system and its environment. Secondly, as an information system is an open complex system, the entire problem of survivability analysis is divided into three subproblems: system, environment and analysis process, and a model is provided for each. The three models fully consider feasibility in practice: system components are combined through system services, which avoids the system's complex structure; the environment is described by event grading and the combination of different events; and a hierarchical structure of system state is provided, which avoids the definition of system state and the analysis of state transitions in the traditional system state-based analysis model. Thirdly, a framework for information system survivability analysis is provided, which is named SAF-NIS. According to the analysis model, the entire analysis process in this framework is composed of seven steps, which can be grouped into four phases: system definition, environment definition, survivability test and result analysis. Compared with the SNA method, this framework ultimately realizes quantitative analysis of survivability, and the event database in the framework makes the analysis simpler and fairer. For the key issue of the framework, quantitative analysis, a hierarchical computation process is provided, and survivability is computed through "3R+A" (resistance, recognition, recovery and adaption), which contributes to the survivability degradation in the future. Fourthly, based on the concept of the event scenario in survivability analysis, where an event is a part of an event scenario, a target-intention based hierarchical classification method is presented. This classification method has the advantages of good extensibility and quick location of events, owing to the refinement process of the event target and the multidimensional space of event classification. Moreover, seven quantitative indexes are presented to grade events, and an event database is developed to collect normal events through classification and grading, which is compatible with CVE and other vulnerability databases. Finally, a case study is provided to demonstrate the entire process of survivability analysis. Furthermore, a prototype analysis platform is described, which was developed to unify the entire analysis process and to reduce the analysis workload and human interference.

  • 【Online publication contributor】 Zhejiang University
  • 【Online publication year/issue】 2006, Issue 09