Abstract:
Under the guidance of existing laws, regulations and standards, a general framework of network security infrastructure is proposed. The proposed infrastructure discusseds the relations between security objectives, security boundary, security infrastructure elements and security risk assessment. Based on this infrastructure, we present our modeling approaches of security objectives, security boundary and security infrastructure elements using UML’s standard and powerful modeling ability. Our modeling methods can eliminate the ambiguity in communication and make the representation of security system be standardized. Using our analysis methods, security administrators can validate how the business processes meet to the business goals and get the security risk of the system. By modeling an online banking, the proposed security framework and modeling methods’ validity and rationality are verified. The proposed approach can help security administrators model the network security system in a visualization method. Based on modal logic, security administrators can deduce the logical relationships between each element and the results can guide security administrators to deploy proper security measures. Compared with the existing methods, the method of this paper is more comprehensive and has stronger guiding significance.