Study on Model-based Security Assessment of Information Systems

Cited by: 0
Authors
Li, Xiangdong [1]
Han, Xinchao [1]
Zheng, Qiusheng [1]
Affiliation
[1] Zhengzhou Univ Technol, Zhengzhou Key Lab Comp Network Secur Assessment, Sch Comp Sci, Zhengzhou 450007, Henan, Peoples R China
Keywords
security assessment; vulnerability; attack tree; attack graph; ATTACK; GENERATION;
DOI
Not available
Chinese Library Classification number
F8 [Public Finance, Finance];
Discipline classification code
0202;
Abstract
Security problems of an information system are mainly due to its internal vulnerabilities, which external threats exploit to do harm to the system. Security Assessment of Vulnerabilities (SAV) is the assessment of an information system, with appropriate methods, by investigating vulnerabilities in its architecture, hardware, software, networks, and protocols. These methods can be divided into two categories, rule-based and model-based, and the latter draws more research focus at present. In this paper we make an extensive survey of existing model-based approaches to security assessment of vulnerabilities in information systems, analysing their working mechanics, advantages and disadvantages. Finally, conclusions are drawn on open problems in model-based security assessment, and on the possible future directions of the research.
Pages: 289 - 292
Page count: 4
Related papers
50 in total
  • [1] Study on Model-Based Security Assessment of Information Systems
    Li, Xiangdong
    Han, Xinchao
    Zheng, Qiusheng
    [J]. COMPUTING AND INTELLIGENT SYSTEMS, PT III, 2011, 233 : 401 - 406
  • [2] A model-based methodology to support systems security design and assessment
    Shaked, Avi
    [J]. JOURNAL OF INDUSTRIAL INFORMATION INTEGRATION, 2023, 33
  • [3] Model-based risk assessment for cyber physical systems security
    Tantawy, Ashraf
    Abdelwahed, Sherif
    Erradi, Abdelkarim
    Shaban, Khaled
    [J]. COMPUTERS & SECURITY, 2020, 96
  • [4] Model-based security engineering of distributed information systems using UMLsec
    Best, Bastian
    Jurjens, Jan
    Nuseibeh, Bashar
    [J]. ICSE 2007: 29TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, PROCEEDINGS, 2007, : 581 - +
  • [5] Specification of Information Flow Security Policies in Model-Based Systems Engineering
    Gerking, Christopher
    [J]. SOFTWARE TECHNOLOGIES: APPLICATIONS AND FOUNDATIONS, 2018, 11176 : 617 - 632
  • [6] Model-based Assessment of Data Availability in Health Information Systems
    Winter, A.
    Struebing, A.
    [J]. METHODS OF INFORMATION IN MEDICINE, 2008, 47 (05) : 417 - 424
  • [7] Model-Based Systems Security Quantification
    Ouchani, Samir
    Jarraya, Yosr
    Mohamed, Otmane Ait
    [J]. 2011 NINTH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY AND TRUST, 2011, : 142 - 149
  • [8] Foundations for model-based systems engineering and model-based safety assessment
    Rauzy, Antoine B.
    Haskins, Cecilia
    [J]. SYSTEMS ENGINEERING, 2019, 22 (02) : 146 - 155
  • [9] Towards Model-Based Security Assessment of Cloud Applications
    Casola, Valentina
    De Benedictis, Alessandra
    Nardone, Roberto
    [J]. GREEN, PERVASIVE, AND CLOUD COMPUTING (GPC 2017), 2017, 10232 : 773 - 785
  • [10] Model-based risk assessment to improve enterprise security
    Aagedal, JO
    den Braber, F
    Dimitrakos, T
    Gran, BA
    Raptis, D
    Stolen, K
    [J]. SIXTH INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE, PROCEEDINGS, 2002, : 51 - 62