基于全重叠安全系统的数据库保护模型

IF 0.2 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia Pub Date : 2021-09-24 DOI:10.30837/rt.2021.3.206.08
V. Vilihura, V. Yesin
{"title":"基于全重叠安全系统的数据库保护模型","authors":"V. Vilihura, V. Yesin","doi":"10.30837/rt.2021.3.206.08","DOIUrl":null,"url":null,"abstract":"Security is one of the most important characteristics of the quality of information systems in general and databases, as their main component, in particular. Therefore, the presence of an information protection system, as a complex of software, technical, cryptographic, organizational and other methods, means and measures that ensure the integrity, confidentiality, authenticity and availability of information in conditions of exposure to natural or artificial threats, is an integral feature of almost any modern information system and database. At the same time, in order to be able to verify the conclusions about the degree of security, it must be measured in some way. The paper considers a database security model based on a full overlap security model (a covered security system), which is traditionally considered the basis for a formal description of security systems. Thanks to expanding the Clements-Hoffman model by including a set of vulnerabilities (as a separately objectively existing category necessary to describe a weakness of an asset or control that can be exploited by one or more threats), which makes it possible to assess more adequately the likelihood of an unwanted incident (threat realization) in a two-factor model (in which one of the factors reflects the motivational component of the threat, and the second takes into account the existing vulnerabilities); a defined integral indicator of database security (as a value inverse to the total residual risk, the constituent components of which are represented in the form of the corresponding linguistic variables); the developed technique for assessing the main components of security barriers and the security of the database as a whole, based on the theory of fuzzy sets and risk, it becomes possible to use the developed model to conduct a quantitative assessment of the security of the analyzed database.","PeriodicalId":41675,"journal":{"name":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","volume":"1 1","pages":""},"PeriodicalIF":0.2000,"publicationDate":"2021-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Database protection model based on security system with full overlap\",\"authors\":\"V. Vilihura, V. Yesin\",\"doi\":\"10.30837/rt.2021.3.206.08\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is one of the most important characteristics of the quality of information systems in general and databases, as their main component, in particular. Therefore, the presence of an information protection system, as a complex of software, technical, cryptographic, organizational and other methods, means and measures that ensure the integrity, confidentiality, authenticity and availability of information in conditions of exposure to natural or artificial threats, is an integral feature of almost any modern information system and database. At the same time, in order to be able to verify the conclusions about the degree of security, it must be measured in some way. The paper considers a database security model based on a full overlap security model (a covered security system), which is traditionally considered the basis for a formal description of security systems. Thanks to expanding the Clements-Hoffman model by including a set of vulnerabilities (as a separately objectively existing category necessary to describe a weakness of an asset or control that can be exploited by one or more threats), which makes it possible to assess more adequately the likelihood of an unwanted incident (threat realization) in a two-factor model (in which one of the factors reflects the motivational component of the threat, and the second takes into account the existing vulnerabilities); a defined integral indicator of database security (as a value inverse to the total residual risk, the constituent components of which are represented in the form of the corresponding linguistic variables); the developed technique for assessing the main components of security barriers and the security of the database as a whole, based on the theory of fuzzy sets and risk, it becomes possible to use the developed model to conduct a quantitative assessment of the security of the analyzed database.\",\"PeriodicalId\":41675,\"journal\":{\"name\":\"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.2000,\"publicationDate\":\"2021-09-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30837/rt.2021.3.206.08\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30837/rt.2021.3.206.08","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

摘要

安全性是一般信息系统质量的最重要特征之一,特别是数据库,作为它们的主要组成部分。因此,信息保护系统作为软件、技术、密码、组织和其他方法、手段和措施的综合体,在面临自然或人为威胁的情况下确保信息的完整性、机密性、真实性和可用性,是几乎任何现代信息系统和数据库的一个不可缺少的特征。同时,为了能够验证关于安全程度的结论,必须以某种方式进行测量。本文考虑了一种基于全重叠安全模型(覆盖安全系统)的数据库安全模型,该模型通常被认为是安全系统形式化描述的基础。由于扩展了克莱门茨-霍夫曼模型,包括一组漏洞(作为一个单独客观存在的类别,必须描述一个资产或控制的弱点,可以被一个或多个威胁利用),这使得有可能在双因素模型中更充分地评估意外事件(威胁实现)的可能性(其中一个因素反映了威胁的动机成分)。第二种考虑了现有的漏洞);数据库安全的一个定义的积分指标(作为与总剩余风险相反的值,其组成部分以相应的语言变量的形式表示);基于模糊集理论和风险理论,开发了对安全屏障主要组成部分和数据库整体安全性进行评估的技术,使利用所开发的模型对所分析数据库的安全性进行定量评估成为可能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Database protection model based on security system with full overlap
Security is one of the most important characteristics of the quality of information systems in general and databases, as their main component, in particular. Therefore, the presence of an information protection system, as a complex of software, technical, cryptographic, organizational and other methods, means and measures that ensure the integrity, confidentiality, authenticity and availability of information in conditions of exposure to natural or artificial threats, is an integral feature of almost any modern information system and database. At the same time, in order to be able to verify the conclusions about the degree of security, it must be measured in some way. The paper considers a database security model based on a full overlap security model (a covered security system), which is traditionally considered the basis for a formal description of security systems. Thanks to expanding the Clements-Hoffman model by including a set of vulnerabilities (as a separately objectively existing category necessary to describe a weakness of an asset or control that can be exploited by one or more threats), which makes it possible to assess more adequately the likelihood of an unwanted incident (threat realization) in a two-factor model (in which one of the factors reflects the motivational component of the threat, and the second takes into account the existing vulnerabilities); a defined integral indicator of database security (as a value inverse to the total residual risk, the constituent components of which are represented in the form of the corresponding linguistic variables); the developed technique for assessing the main components of security barriers and the security of the database as a whole, based on the theory of fuzzy sets and risk, it becomes possible to use the developed model to conduct a quantitative assessment of the security of the analyzed database.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia ENGINEERING, ELECTRICAL & ELECTRONIC-
自引率
33.30%
发文量
0
期刊最新文献
Combined heat conductive boards with polyimide dielectrics Synthesis and analysis of the trace detector of air objects of an interrogating radar system Creating a call center test bench for load balancing Asterisk servers in a cluster Current state and development trends of class E oscillators: an overview Experimental studies of a lidar emitter built according to the oscillator-amplifier scheme
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1