多自治域安全互操作的风险评估方法研究-智能与分布计算实验室

多自治域安全互操作的风险评估方法研究

姓名	李红平
论文答辩日期	2006.05.08
论文提交日期	2006.05.15
论文级别	硕士
中文题名	多自治域安全互操作的风险评估方法研究
英文题名	Research on Risk Assessment for Secure Interoperability in Multi-autonomous Domain
导师1	卢正鼎
导师2
中文关键词	安全互操作;风险评估;多自治域;模糊综合评判法;灰色关联分析
英文关键词	Secure Interoperability;Risk Assessment;Multi-autonomous Domain;Fuzzy-synthesis Evaluation;Gray Relational Analysis
中文文摘	随着大量应用系统由集中转向分布，实现分布式环境下不同信息源之间的互连、互通、互操作已成为一个十分迫切的问题。然而，要想直接在不同的分布式系统中共享数据并进行交互操作是非常困难的；但在局部、小范围，尤其是地理位置相对集中的局域网环境中获取、处理共享数据则相对容易；因此，采用自治域（Autonomous Domain）的方法对分布式环境进行分割，通过研究多自治域间的互操作来研究分布式系统的信息交换。对于多自治域间的互操作，其中十分重要的、迫在眉睫的问题就是信息存取的安全策略问题。而多自治域环境的复杂性使得任何一种安全策略都不能保证信息在交互过程中的绝对安全。若能动态建立一种风险评估和预警机制，对安全互操作的风险进行有效的评估，则可大大降低分布式环境中信息交换的安全隐患，避免不必要的安全灾难损失。由于自治域系统自身在安全上可能存在着漏洞，因此，对于两个自治域之间的互操作，首先需要评估单个自治域在网络上所处的安全风险。单域内的风险评估将使用模糊综合评判法，一旦单域的网络安全风险过大，将被禁止进行多域间的互操作，直至其采取安全措施，降低网络安全的风险值。显然，两个自治域之间，也有可能因为相互的攻击、木马程序等因素，存在着安全隐患。采用灰色关联分析来分析和处理两个自治域之间的安全风险。一旦该风险值过大，自治域间的互操作也将被禁止，直至相关自治域实施安全举措，降低自治域间的风险值。在满足单域的自风险和两个自治域的交互风险都在各自阈值范围的情况下，自治域间的交互请求将被允许。灰色关联分析法被使用来评估这种交互操作对自治域的信息安全所造成的影响，并根据其影响来调整自治域的安全措施。多域互操作管理系统（MuDoRight）实现了不同自治域系统的权限集成，在该系统基础上，设计了风险评估模块和互操作的风险评估流程，来阐述域间互操作的风险评估。
英文文摘	With the transiting from concentrated application system to distributed one,it's very necessary to realize the interoperation among different data soureces in the distributed environment.Otherwise, it is very difficult to share the data and interoperate directly among the different distributed application systems.But it is easier to get and deal with the sharing data in the local and more concentrated network environment,for example,LAN.So the autonomous domain method is used to split the distributed application system.Then,the information sharing in the distributed system can be studied through the interoperation in the autonomous domain system. The most important point in the interoperation is the information safety strategy. Because of the complexity of the autonomous domain,any safety strategy can't ensure the complete security during the interopeation.If a mechanism of risk assessment can be set up to assess the risk of interoperation,then the threat of the information security will be reduced. Because of the weakness in network security of the autonomous system,it's necessary to assess the risk of network security of the autonomous system.The fuzzy-synthesis evaluation method is used to evaluated this risk.If the risk value is larger than the threshold set beforehand,the autonomous will be forbidden to the system integration unless some measures are taked to reduce the risk grade. There are maybe mutual attack and Trojan horse program between two autonomous domain system.Then it's also necessary to assess the network security risk between the two autonomous domain systems.The gray relational analysis method is used to analyse and deal with the risk factor of the two autonomous domain system.Once the risk value is larger than the risk threshold set in advance,the interoperation between two autonomous domain system will be forbidden unless the correlative system takes some measures to reduce the risk influence. If the self risk of an autonomous doamin system and the mutual risk of the two antonomous domain systems are both below the risk threshold,then the interoperation request is allowed.The influence of the interoperation will be evaluated in the use of gray relational analysis method.The assessment result will be used to make the decision to reduce the risk of the interoperation. MuDoRight is a archetypal application system about multi-domain interoperation authorization management.The risk assessment moduel is constructed based on the MuDoRight to deal with the interoperation between two autonomous domain system and design the risk assessment flow.