No. 1, 2013
METHODS FOR ASSESSING THE SECURITY OF COMPUTER SYSTEMS
The article analyzes several standards and methods for assessing the security of computer systems, such as the Common Criteria, the system vulnerability index, multi-stage attack modeling, and attack detection, and identifies some existing problems. (pp. 74-80)
Keywords: computer systems, security assessment, security metric, security assessment methods