摘要
信息安全评估标准是对信息安全产品或系统进行安全水平测定、评估的一类标准.文中以时间为线索,根据安全评估标准的特点,提出了奠基时期、混沌时期、合并时期和统一时期的阶段划分方法,比较系统地对信息安全标准的形成和发展过程进行全面的分析,给出了信息安全评估标准演化进程的一个全景视图.然后介绍了与各个阶段对应的、典型的信息安全评估标准:TCSEC、ITCSEC和CC(ISO15408),着重讨论了这些标准的特点及应用方式,并进行比较分析,最后总结了当前安全评估标准中亟待解决的问题.
Information Security Evaluation Criteria (ISEC) is those kinds criteria which can mensurate and evaluate information security products or systems. According the character of ISEC, clued by time, a classification method that divided the progress course of ISEC into foundation period, chaos period, combination period and unification period was proposed at the first time, the originating and developing procedure of ISEC was analyzed systematically, and a comprehensive perspective of the evolution process of ISEC is presented. Then the period-corresponding, typical criteria: ICSEC, ITCSEC and CC (ISO15408) are introduced, the characters and application models were discussed, and compared each other. Finally, some urgent problems about ISEC were coneluded.
出处
《小型微型计算机系统》
CSCD
北大核心
2006年第4期634-637,共4页
Journal of Chinese Computer Systems
基金
国家"八六三"宽带VPN项目(863-104-03-01)资助
2003年度四川省科技攻关项目(03GG007-007)资助
