Vol.68, No.2, 2021, pp.2579-2595, doi:10.32604/cmc.2021.016623
OPEN ACCESS
ARTICLE
Security-Critical Components Recognition Algorithm for Complex Heterogeneous Information Systems
  • Jinxin Zuo1,2, Yueming Lu1,2,*, Hui Gao2,3, Tong Peng1,2, Ziyv Guo2,3, Tong An1,2, Enjie Liu4
1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2 Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, 100876, China
3 School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing, 100876, China
4 University of Bedfordshire, Institute for Research in Applicable Computing (IRAC), Luton, UK
* Corresponding Author: Yueming Lu. Email:
Received 06 January 2021; Accepted 12 February 2021; Issue published 13 April 2021
Abstract
With the skyrocketing development of technologies, there are many issues in information security quantitative evaluation (ISQE) of complex heterogeneous information systems (CHISs). The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently. In this paper, we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process. The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively. Firstly, with the support of asset identification and topology data, we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components (set) of the CHIS. Then, we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS. Moreover, we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model. Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.
Keywords
Complex heterogeneous information system; security-critical component; threat attack tree; information security quantitative evaluation
Cite This Article
J. Zuo, Y. Lu, H. Gao, T. Peng, Z. Guo et al., "Security-critical components recognition algorithm for complex heterogeneous information systems," Computers, Materials & Continua, vol. 68, no.2, pp. 2579–2595, 2021.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.