Security Model for Sensitive Information Systems and Its Applications in Sensor Networks

The study of security models for sensitive information systems has been taken on for years, but still lag far away behind the progress of information security practice. During this century, the thought of seeking the system security to the source of system development lifecycle received huge improvement in the system and software assurance domain. This paper firstly expounds the understanding of information security by illustrating information security study development progress since pre-computer age and presents a description of cyberspace and cyberization security by summarizing the status quo of cyberization. Then a security model called PDRL, which includes six core security attributes of sensitive information systems, is proposed to protect the security of sensitive information systems in the whole system life-cycle. At last, this paper probes into further discussion about controllability attribute and proposes a controllability model in sensitive sensor networks, followed by a probability computing formula and the example for computing the controllability of sensitive sensor networks. By dividing each single element of sensitive information and each element-related operation into a corresponding classification, this paper makes a reasonable description of the quantitative description about controllability.

[1]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[2]  Michael R. Clarkson Quantification and Formalization of Security , 2010 .

[3]  Gwan-Hwan Hwang,et al.  Chinese Wall Security Model for Workflow Management Systems with Dynamic Security Policy , 2013, J. Inf. Sci. Eng..

[4]  M. E. Kabay,et al.  Computer Security Handbook , 2002 .

[5]  Mark Hall,et al.  Exploring reliability in information systems programmes , 2011 .

[6]  David Hutchison,et al.  Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines , 2010, Comput. Networks.

[7]  P.R. Croll Engineering for Systems Assurance A State of the Practice Report , 2007, 2007 1st Annual IEEE Systems Conference.

[8]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[9]  Apurva Kumar Using automated model analysis for reasoning about security of web protocols , 2012, ACSAC '12.

[10]  Yisheng Zhong,et al.  CONTROLLABILITY IMPROVEMENT FOR LINEAR TIME-INVARIANT DYNAMICAL MULTI-AGENT SYSTEMS , 2012 .

[11]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.

[12]  Michael R. Clarkson,et al.  Quantification of integrity† , 2014, Mathematical Structures in Computer Science.

[13]  Marilyn S. Fujii A comparison of software assurance methods , 1978 .

[14]  Yuan Zhou,et al.  Information content security on the Internet: the control model and its evaluation , 2010, Science in China Series F: Information Sciences.

[15]  Tadayoshi Kohno,et al.  SensorSift: balancing sensor data privacy and utility in automated face understanding , 2012, ACSAC '12.

[16]  Li Yan,et al.  An Improved Trust Model Based on Interactive Ant Algorithms and Its Applications in Wireless Sensor Networks , 2013, Int. J. Distributed Sens. Networks.

[17]  HyungJun Kim,et al.  Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks , 2012, Int. J. Distributed Sens. Networks.

[18]  Yang Xiang,et al.  A Novel Reliability Assurance Method for Cyberphysical System Components Substitution , 2012, Int. J. Distributed Sens. Networks.

[19]  B. Srinivasan,et al.  Security Architecture for Sensitive Information Systems , 2010 .

[20]  C.E. Shannon,et al.  Communication in the Presence of Noise , 1949, Proceedings of the IRE.

[21]  Jeremy Hilton,et al.  A Reference Model of Information Assurance & Security , 2013, 2013 International Conference on Availability, Reliability and Security.

[22]  Donn B. Parker,et al.  Fighting computer crime - a new framework for protecting information , 1998 .