Study on Model-based Security Assessment of Information Systems

Cited by: 0
Authors
Li, Xiangdong [1]
Han, Xinchao [1]
Zheng, Qiusheng [1]
Affiliations
[1] Zhengzhou Univ Technol, Zhengzhou Key Lab Comp Network Secur Assessment, Sch Comp Sci, Zhengzhou 450007, Henan, Peoples R China
Keywords
security assessment; vulnerability; attack tree; attack graph; ATTACK; GENERATION;
DOI
Not available
Chinese Library Classification number
F8 [Public Finance, Finance];
Discipline classification code
0202;
Abstract
Security problems of an information system are mainly due to its internal vulnerabilities, by exploiting which external threats do harm to the system. Security Assessment of Vulnerabilities (SAV) is, with appropriate methods, to assess an information system by investigating vulnerabilities in its architecture, hardware, software, networks, and protocols. These methods can be divided into two categories: rule-based and model-based, and the latter draws more research focus at present. In this paper we make an extensive survey on existing model-based approaches to security assessment of vulnerabilities in information systems, analysing their working mechanics, advantages and disadvantages. Finally, conclusions are made on open problems in model-based security assessment, and on the possible future directions of the research.
Pages: 289 - 292
Page count: 4
Related papers
50 items in total
  • [21] Information Systems Security Assessment Based on System Dynamics
    Wei, Liu
    Cui Yong-feng
    Ya, Li
    [J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (02) : 73 - 84
  • [22] Model-based security engineering for cyber-physical systems: A systematic mapping study
    Nguyen, Phu H.
    Ali, Shaukat
    Yue, Tao
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2017, 83 : 116 - 135
  • [23] Model-based development of computer-based information systems
    Kampfner, RR
    [J]. INTERNATIONAL CONFERENCE AND WORKSHOP ON ENGINEERING OF COMPUTER-BASED SYSTEMS, PROCEEDINGS, 1997, : 354 - 359
  • [24] The information systems' security level assessment model based on an ontology and evidential reasoning approach
    Solic, Kresimir
    Ocevcic, Hrvoje
    Golub, Marin
    [J]. COMPUTERS & SECURITY, 2015, 55 : 100 - 112
  • [25] Model-based Design of Trustworthy Health Information Systems
    Breu, R.
    Sztipanovits, J.
    Ammenwerth, E.
    [J]. METHODS OF INFORMATION IN MEDICINE, 2008, 47 (05) : 389 - 391
  • [26] Model-based training methodology in Logistics Information Systems
    Novitski, L
    Ginters, E
    Merkuryev, Y
    [J]. SIMULATION IN INDUSTRY 2001, 2001, : 424 - 426
  • [27] Model-Based Security Risk Analysis for Networked Embedded Systems
    Vasilevskaya, Maria
    Nadjm-Tehrani, Simin
    [J]. CRITICAL INFORMATION INFRASTRUCTURES SECURITY (CRITIS 2014), 2016, 8985 : 381 - 386
  • [28] An Evaluation of a Model-Based Testing Method for Information Systems
    Santos-Neto, Pedro
    Resende, Rodolfo F.
    Padua, Clarindo
    [J]. APPLIED COMPUTING 2008, VOLS 1-3, 2008, : 770 - +
  • [29] A model-based approach to information retrieval systems development
    Ferreira, Joao
    Silva, Alberto
    Delgado, Jose
    [J]. Proceedings of the 10th IASTED International Conference on Software Engineering and Applications, 2006, : 459 - 464
  • [30] Model-based security testing in IoT systems: A Rapid Review
    Lonetti, Francesca
    Bertolino, Antonia
    Di Giandomenico, Felicita
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2023, 164