计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2013年
16期
232-235,264
,共5页
机载系统%安保风险评估%威胁条件%风险预测%安保等级
機載繫統%安保風險評估%威脅條件%風險預測%安保等級
궤재계통%안보풍험평고%위협조건%풍험예측%안보등급
airborne system%security risk assessment%threat condition%risk estimate%security level
针对影响民用飞机机载系统安全的信息安保威胁问题,通过研究ISO27005和航空工业标准,提出了一种适用于机载系统的安保风险评估方法。该方法基于威胁条件和威胁场景进行系统脆弱性分析,并结合传统的飞机安全性分析方法与安保风险评估方法,提出一套可量化的风险值计算方法。通过关系矩阵在安全性与安保等级间建立了相关性,为系统需求和架构设计提供了依据。实例验证结果表明,该方法能提供正确与可信的机载系统安保风险评估数据。
針對影響民用飛機機載繫統安全的信息安保威脅問題,通過研究ISO27005和航空工業標準,提齣瞭一種適用于機載繫統的安保風險評估方法。該方法基于威脅條件和威脅場景進行繫統脆弱性分析,併結閤傳統的飛機安全性分析方法與安保風險評估方法,提齣一套可量化的風險值計算方法。通過關繫矩陣在安全性與安保等級間建立瞭相關性,為繫統需求和架構設計提供瞭依據。實例驗證結果錶明,該方法能提供正確與可信的機載繫統安保風險評估數據。
침대영향민용비궤궤재계통안전적신식안보위협문제,통과연구ISO27005화항공공업표준,제출료일충괄용우궤재계통적안보풍험평고방법。해방법기우위협조건화위협장경진행계통취약성분석,병결합전통적비궤안전성분석방법여안보풍험평고방법,제출일투가양화적풍험치계산방법。통과관계구진재안전성여안보등급간건립료상관성,위계통수구화가구설계제공료의거。실례험증결과표명,해방법능제공정학여가신적궤재계통안보풍험평고수거。
Aimed at the issues of information security threat which impact on safety of commercial aircraft airborne system, this paper proposes a security risk assessment methodology for airborne system by studying ISO/IEC27005 which is a standard for information security management and some relational aviation industry standards. It is advanced to use threat condition and threat scenario for system vulnerability assessment. Through combining traditional aircraft safety assessment methods and secu-rity risk evaluation methods, a set of quantitative risk estimation algorithms is proposed. Through relational matrix the relativity between safety and security level is built, and the basis for system’s requirement and architecture design is provided. According to the case results, the methodology can provide veracity and reliability airborne system security assessment data.
