Computer system security evaluation
Author
Abstract
This paper considers the problem of attaining computer systems and applications programs that are both highly secure and highly reliable. It contrasts two current alternative approaches, one remedial, the other preventive. A remedial approach is outlined based on a classification of software security violations suggested by Bisbey, Carlstedt, and Hollingworth at ISI. This remedial analysis is then related to a preventive approach, illustrated here by the formal SRI Hierarchical Development Methodology. Evaluation of system security is then considered by combining concepts from the preventive and remedial approaches. This combination of techniques seems to have significant potential in the attainment and evaluation of computer system security. Illustrations are given for three types of systems, the first two being systems explicitly designed with security in mind, and the first of those being designed according to a formal methodology. The first system is the SRI design for a Provably Secure Operating System (PSOS), the second is Multics, and the third is UNIX. (The reader familiar with security may wish to skim the next two sections.)
Similar resources
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
Formal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
Evaluation of Planet Factors of Smart City through Multi-layer Fuzzy Logic (MFL)
Internet of Things (IoT) approach is empowering smart city creativities all over the world. There is no specific tool or criteria for the evaluation of the services offered by the smart city. In this paper, a new Multilayer Fuzzy Inference System (MFIS) is proposed for the assessment of the Planet Factors of smart city (PFSC). The PFSC system is categorized into two levels. The proposed MFIS ba...
Network Risk Evaluation by Data Mining
Risk management is one of the most prominent concepts which has recently been brought into sharp focus regarding security issues in computer networks. Scientifically speaking, risk in the field of network security is a generalized matter leading the organization to the provision of resolutions which target resources and profits of the organization. This paper has discussed what methods are ...
Secure Bio-Cryptographic Authentication System for Cardless Automated Teller Machines
Security is a vital issue in the usage of Automated Teller Machine (ATM) for cash, cashless and many off the counter banking transactions. Weaknesses in the use of ATM machine could not only lead to loss of customer’s data confidentiality and integrity but also breach in the verification of user’s authentication. Several challenges are associated with the use of ATM smart card such as: card clo...
Mapping CRC Card into Stochastic Petri Net for Analyzing and Evaluating Quality Parameter of Security (TECHNICAL NOTE)
CRC cards are an unconventional method for identifying and describing classes, their behavior, responsibilities and collaborators. Representing the three categories of class, responsibilities and collaborators can give a proper image of a scenario. These cards are an effective method for analyzing scenarios. With all the positive features of CRC cards, among the weaknesses of these cards are failure to s...