摘要:In this paper, we propose analysis methods based on security entropy to overcome the problem of quantitative analysis, after going through the study of access control capability assessment for computer information system. At First, we computed the uncertainty how system determine irregular access behavior using the security entropy theory. Next, we defined the security theorem of classificatory information system, and proposed the standard of access control capability. Finally, we analyzed the typical access control models using the methods, and compared security and applicability of them. It proved that the method is appropriate for security quantitative analysis of access control model and for the evaluation of access control capability in information system.
关键词:Information entropy;Security entropy;Classificatory access control model;Direct unauthorized access;Right about access;Indirectly unauthorized access
