Privacy Information Security Risk Assessment Method Based on Cryptography Theory
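  • English title: Privacy Information Security Risk Assessment Method Based on Cryptography Theory
  • Authors: 许钦百; 王彩芬
  • Authors (English): XU Qin-bai; WANG Cai-fen; College of Computer Science & Engineering, Northwest Normal University
  • Keywords: cryptography theory; private information; security risk assessment method
  • English keywords: cryptography theory; private information; security risk assessment methods
  • Chinese journal title: KXJS
  • English journal title: Science Technology and Engineering
  • Institution: College of Computer Science and Engineering, Northwest Normal University
  • Publication date: 2019-03-08
  • Publisher: Science Technology and Engineering (科学技术与工程)
  • Year: 2019
  • Issue: v.19; No.476
  • Funding: supported by the National Natural Science Foundation of China (61202395, 61562077, 61662069, 61662071); the Natural Science Foundation of Gansu Province (145RJDA325); the Scientific Research Project of Higher Education Institutions of Gansu Province (2017A-003, 2018A-207)
  • Language: Chinese
  • Pages: KXJS201907029
  • Page count: 5
  • CN: 07
  • ISSN: 11-4688/T
  • Classification number: 177-181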
Abstract
To address the problem that traditional methods do not take prevention and control measures for private information into account and therefore produce inaccurate private information security risk assessment results, a private information security risk assessment method is studied using cryptography theory. On the basis of calculating the risk value with asset-threat-vulnerability as the core, the function of security prevention and control measures is introduced into the analysis. Following the relevant principles, a stepped hierarchical index system for private information security risk assessment is established, and the weight of each assessment index is calculated using the entropy coefficient. The risk value is calculated without considering prevention and control measures, and the risk value after the private information is protected by means of cryptography theory is also calculated; the two are combined to obtain the private information risk value that accounts for prevention and control measures under cryptography theory, thereby realizing private information security risk assessment. The results show that the proposed method can effectively realize private information security risk assessment and that its risk assessment results are accurate and reasonable. It can be seen that the proposed method is accurate in its assessment performance.
