扩展企业系统中的信任

Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT) Pub Date : 2015-03-16 DOI:10.1109/C3IT.2015.7060169

S. Mondai, S. Setua

{"title":"扩展企业系统中的信任","authors":"S. Mondai, S. Setua","doi":"10.1109/C3IT.2015.7060169","DOIUrl":null,"url":null,"abstract":"Modern enterprises are facing more and more uncertainties and challenges from insecurity and context sensitivity. In view of information security, an enterprise is considered as a collection of assets and their interrelationships and how users use their rights to access the enterprise. These interrelationships may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or in the installation of software or in the information assets. As a result, access to one element may enable access to another if they are connected. An enterprise may specify the conditions on how to access certain assets in certain mode (read, write etc.) as policies. The interconnection of assets, along with specified policies, may lead to vulnerabilities in the enterprise information system if misused. This paper presents a formal methodology for detection of vulnerabilities and threats to enterprise information systems.","PeriodicalId":402311,"journal":{"name":"Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT)","volume":"242 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Extending trust in enterprise systems\",\"authors\":\"S. Mondai, S. Setua\",\"doi\":\"10.1109/C3IT.2015.7060169\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern enterprises are facing more and more uncertainties and challenges from insecurity and context sensitivity. In view of information security, an enterprise is considered as a collection of assets and their interrelationships and how users use their rights to access the enterprise. These interrelationships may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or in the installation of software or in the information assets. As a result, access to one element may enable access to another if they are connected. An enterprise may specify the conditions on how to access certain assets in certain mode (read, write etc.) as policies. The interconnection of assets, along with specified policies, may lead to vulnerabilities in the enterprise information system if misused. This paper presents a formal methodology for detection of vulnerabilities and threats to enterprise information systems.\",\"PeriodicalId\":402311,\"journal\":{\"name\":\"Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT)\",\"volume\":\"242 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/C3IT.2015.7060169\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/C3IT.2015.7060169","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

现代企业面临着越来越多的不确定性和不安全感、环境敏感性带来的挑战。从信息安全的角度来看，企业被视为资产及其相互关系的集合，以及用户如何使用其访问企业的权利。这些相互关系可以内置到企业信息基础设施中，例如网络体系结构中硬件元素的连接，或者软件或信息资产的安装。因此，对一个元素的访问可以使对另一个元素的访问成为可能。企业可以将以某种方式(读、写等)访问某些资产的条件规定为策略。资产之间的互联，加上特定的策略，如果使用不当，可能会给企业信息系统带来漏洞。本文提出了一种检测企业信息系统漏洞和威胁的形式化方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Extending trust in enterprise systems

Modern enterprises are facing more and more uncertainties and challenges from insecurity and context sensitivity. In view of information security, an enterprise is considered as a collection of assets and their interrelationships and how users use their rights to access the enterprise. These interrelationships may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or in the installation of software or in the information assets. As a result, access to one element may enable access to another if they are connected. An enterprise may specify the conditions on how to access certain assets in certain mode (read, write etc.) as policies. The interconnection of assets, along with specified policies, may lead to vulnerabilities in the enterprise information system if misused. This paper presents a formal methodology for detection of vulnerabilities and threats to enterprise information systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT)

自引率

0.00%

发文量