
Research on Risk Measurement of Security Policy Execution in Military Secret Intranet

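【Author】 关慧 (Guan Hui)

【Supervisor】 郭义喜 (Guo Yixi)

【Author information】 PLA Information Engineering University, Military Equipment Science, 2011, Master's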

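【Summary】 As the military's informatization deepens, military classified networks have been established one after another, large numbers of security devices have been put into service, and many security policies have been designed. In practice, however, because the design of security policies is separated from their execution, a "secondary risk" exists at the policy execution stage. How to measure security policy execution risk, adjust security policies in a timely manner, gain a full picture of the network's security state, and raise the confidence of management decision-makers and users has become a pressing problem for the security management of military classified networks. This thesis focuses on measuring security policy execution risk in military classified networks. First, it analyzes the meaning and process of security policy execution risk measurement, and sets out its basic issues in terms of measurement goals, measurement objects, measurement methods and measurement results. Second, it introduces the goal-oriented GQM analysis model and builds a GQM-based measurement development model; it selects the information ingress/egress control policy and the terminal admission control policy for execution risk analysis, summarizes the "secondary risk" arising during the execution of classified-network security policies by analyzing vulnerabilities and security threats, and, in combination with the security risks, derives the information needs for measuring security policy execution risk in classified networks. Then, for the information ingress/egress control policy, it establishes the mapping between measurement information needs and measurement indicators, designs indicators for security policy execution risk, forms a measurement set for security policy execution risk, and validates it with a case study on the institute's scientific research experimental network. Finally, for the terminal admission control policy, it designs measurement indicators according to the measurement information needs, designs measurement methods suited to the actual characteristics of security policy execution risk, and carries out a comprehensive evaluation and analysis.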

【Abstract】 With the development of military informatization, military intranets have been built with a great deal of security equipment and many different security policies. However, because policy design and policy execution are separated, a "secondary risk" may exist in the policy implementation procedure. How to measure the implementation risk of a security policy, adjust the security policy, obtain the overall network security state, and enhance the confidence of decision-makers and users is a key issue. This thesis discusses the execution risk measurement of the military intranet's security policy. First, the connotation and process of security policy execution risk measurement are analysed, and the basic problems of implementation risk measurement are elaborated in terms of the measurement goal, object, method and result. Second, a GQM goal-oriented analysis model is introduced, and a measurement design model is built on GQM. The information in-out control and access control policies are selected for operation risk analysis. By analysing vulnerabilities and security threats, the "secondary risk" arising in the policy operating process is summarized. According to the security risk, the information demands for security policy operation risk measurement are summarized. Then, in the operation risk measurement of the information in-out control policy, the mapping relationship between the information demands and the measurement indexes is constructed. The indexes of policy operation risk are devised, and a measurement set is composed of these indexes. The measurement methods and results are validated using the institute's scientific research network. Finally, in the operation risk measurement of the terminal's access and control policy, the metric indexes are designed according to the measurement information demands. Taking into account the characteristics of policy operation, we design a measurement method and evaluate the method comprehensively.
