Jinxin Zuo^1,2, Yueming Lu^1,2,*, Hui Gao^2,3, Tong Peng^1,2, Ziyv Guo^2,3, Tong An^1,2, Enjie Liu⁴

CMC-Computers, Materials & Continua, Vol.68, No.2, pp. 2579-2595, 2021, DOI:10.32604/cmc.2021.016623

Abstract With the skyrocketing development of technologies, there are many issues in information security quantitative evaluation (ISQE) of complex heterogeneous information systems (CHISs). The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently. In this paper, we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process. The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively. Firstly, with the support of asset identification and topology data, we… More >

Jinxin Zuo^{1, 3}, Yueming Lu^{1, 3, *}, Hui Gao^{2, 3}, Ruohan Cao^{2, 3}, Ziyv Guo^{2, 3}, Jim Feng⁴

CMC-Computers, Materials & Continua, Vol.65, No.1, pp. 683-704, 2020, DOI:10.32604/cmc.2020.010793

Abstract The development of the Internet of Things (IoT) calls for a comprehensive information security evaluation framework to quantitatively measure the safety score and risk (S&R) value of the network urgently. In this paper, we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback. The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection. Firstly, we establish an overall evaluation indicator system that includes four primary indicators of threat information, asset, vulnerability, and management, respectively. It also includes eleven… More >