
Journal of Shandong University (Natural Science) ›› 2018, Vol. 53 ›› Issue (3): 71-76. doi: 10.6040/j.issn.1671-9352.2.2017.380


Metric model for cloud computing security risk assessment

RUAN Shu-hua1,2, WENG Jun-hao2*, MAO Hui2, CHEN Xue-lian2

  1. Cybersecurity Research Institute, Sichuan University, Chengdu 610065, Sichuan, China;
  2. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan, China
  • Received: 2017-08-28 Online: 2018-03-20 Published: 2018-03-13
  • Corresponding author: WENG Jun-hao (born 1995), male, master's degree; research interests: cloud computing and big data security. E-mail: 296075589@qq.com E-mail: ruanshuhua@scu.edu.cn
  • About the author: RUAN Shu-hua (born 1966), female, associate professor, master's degree; research interests: cloud computing and big data security, among others. E-mail: ruanshuhua@scu.edu.cn
  • Funding:
    Project funded by the Information Technology Center of the General Office of the Sichuan Provincial Government (16H1149); AWS2017 cooperation project

Abstract: To address the problem of security risk assessment in cloud computing environments, an indicator system for cloud security risk assessment is established from three aspects related to cloud computing: policies and regulations, management, and technology. A metric model for security risk assessment in cloud computing environments is built by combining the Delphi method, the fuzzy analytic hierarchy process and the fuzzy comprehensive evaluation method. Measurement results on risk instances show that the metric model can provide an effective quantitative basis for security risk assessment in cloud computing environments.

Key words: risk assessment, cloud security, metric model

CLC number: TP309