(Ocean University of China, Qingdao City Shandong Province 266100, China.)
Abstract:This paper first elaborates and analyses the information system security baseline theory,then follows the baseline security theory of information systems, references the FISMA model (The Federal Information Security Management Act) and the introduction of the SCAP (Security Content Automation Protocol) standard, designs an automatic configurations verification and evaluation system based on the information systems security baseline (named AutoCVES for short). This system uses a combination of remote detection and local detection , can automatically excute the configuration verification based on the security baseline library,therefore saves the time of the traditional manual operating ,such as single-point security configuration checking , also can effectively reduce the mistakes and avoid the risks caused by traditional manual inspections.At the end, this paper proposes that the Hidden Markov Model(HMM) can be used to set model for various states of information system and helpful for the evaluation.Key words:Baseline Security�����;FISMA���;SCAP�����;Configurations Verification����;HMM
References
[1] YAN Qiang, CHEN Zhong, Duan Yunsuo, et al. Introduction and Advancement of Information System Security Evaluation Criteria and Technology [J]. Computer Engineering, 2003(4): 1-8..
[2] Federal Information Security Management Act [EB/OL]. [2012-06-05]. http://iase.disa.mil/fisma/index.html.
[3] YAN Xiaofeng, GAO Chiyang. Study for Federal Information Security Risk Management Framework and Related Standards[J]. China Academic Journal Electronic Publishing House., 2009(2):40-44.
[4] The Security Content Automation Protocol [EB/OL].[2012-06-25]. http://scap.nist.gov.
[5] LIU Tong. Research of Building Security Baseline of Complicated Information System.[C] The management of complex systems theory and Information Systems Technical Conference album.2000.
[6] PENG Xiao. Research on Security Baseline Risk Assessment Technology [D]. BUPT 2010.
[7] ZHANG Li. The Introduction of SCAP Standard to Improve the Safety System Configuration.[J] Information Security and Technology. 2010(10)
[8] QIAO Pei-li, ZHANG Hai-xia. Hidden Markov Model-based real-time security assessment methodologies. Journal of Harbin University of Technology . 2008
[9] LIU Chenhuizi, ZHANG Xuefeng. A dynamic risk assessment method based on hidden Markov model [J]. Journal of Xi’an University of Posts and Telecommunications.2012(02)
[10] YU Ma, LIU Jianhua and so on. Based on Hidden Markov Models real-time network risk assessment. Computer Engineering and Design . 2009.
Foundation item: The national natural science fund project (60970129)
Scientific research item: Marine public welfare industry research special funds for the project (201105033)
ZOU Yu-Lin (1983-). Male. Born in Zibo City, Shandong Province. Graduate student. MS. in Computer Software and Theory at Ocean University of China. Mainly research on Computer Network, Information Security and Trusted Computing.
