查詢結果分析
來源資料
頁籤選單縮合
題名 | 通用性資訊安全稽核系統=A Universal Information Security Audit System |
---|---|
作者 | 鄭旭宏; 張保忠; 張耿豪; Jeng, Shi-horng; Chang, Pao-chung; Chang, Gan-how; |
期刊 | 電信研究 |
出版日期 | 20080200 |
卷期 | 38:1 2008.02[民97.02] |
頁次 | 頁161-172 |
分類號 | 312.76 |
語文 | chi |
關鍵詞 | 資訊安全稽核系統; 網路安全; Audit; Analyze; Evidence; Exible; Security; Signature; Trail; Universal; |
中文摘要 | 隨著電腦科技的便利快捷與網際網路時代的來臨,近年來人們在網路上使用電子方式進行資訊交換的行為越來越頻繁,電子商務、電子化政府等新興服務取代了傳統的作業方式,也引出了一些新的問題,讓我們開始重視資訊系統的安全性。 一個安全的資訊系統,除了要求存取重要機密資料時,需要運作上的授權、驗證的安全性檢核之外,亦需有一套可靠的稽核系統,來監視整個資訊系統的運作,能即時發現系統之異常狀況,或在事後有軌跡可追尋事件發生的原因及過程,做為系統回復、填補漏洞的指引,或當做官司訴訟上的證據。 本系統提供一個可以對應用程式執行軌跡產生紀錄之功能,透過本系統可以產生具數位簽章的稽核紀錄,防止稽核軌跡有事後遭受竄改之虞;並提供靈活的紀錄格式,可以記錄多樣化的資訊;若與資料庫配合,可以輕易達到所紀錄資訊的查詢功能,進而提供分析功能,並針對特定事件發生時能即時發出警訊。 |
英文摘要 | Given the popularity and conveniences of digital technologies, more and more people exchange their information through digital devices on the Internet. Emerging services such as e-commerce and e-government have replaced traditional transaction processes for the advantages of convenience and efficiency. However, these advantages raise some issues on information security since the data can be accessed easily and unwittingly. That's why the information security becomes the hottest subject of computer science in the recent years. In order to protect information systems from dangers, the authorization and authentication procedures for accessing confidential information are essential components. In addition, a reliable audit system is another vital component to ensure the information security. The functions of an audit system are to help managers monitor the operation of information systems when transactions processing, to real-time detect the anomaly, and to record all key acts the users have taken. The audit records can serve as trace trails for transaction processes, guidelines for system roll-back and defect fixing, or evidence for lawsuit after disasters happened. In this paper, we proposed a universal information security audit system. The proposed audit system can automatically generate audit records for system's execution trails. In order to prevent the audit records from unauthorized modification, digital signatures will be attached to the audit records to ensure the integrity. The proposed audit system also provides flexible formats for recording various audit information. When connecting with the database, it can query and analyze the information in the database, and deliver the alert messages in real-time when specific events occur. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。