完整後設資料紀錄
DC 欄位語言
dc.contributor.author蔡欣宜en_US
dc.contributor.authorTsai, Hsin-Yien_US
dc.contributor.author黃育綸en_US
dc.contributor.authorHuang, Yu-Lunen_US
dc.date.accessioned2014-12-12T01:27:52Z-
dc.date.available2014-12-12T01:27:52Z-
dc.date.issued2011en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079612820en_US
dc.identifier.urihttp://hdl.handle.net/11536/41940-
dc.description.abstract資訊安全評估機制可以提供資訊系統的安全評估結果,協助系統管理者有效地瞭解系統之安全性,並成為系統管理者管理該系統之參考依據。由於一個系統的安全性涉及許多因素,諸如系統設定、安全機制、現有攻擊方式等等,因此資訊安全的評估不能僅考慮單一面向,而必須要能同時考慮多項因素所造成的影響。本文分別由系統外部與內部攻擊的角度出發,探討資訊安全評估方法之設計,及其所能提供的評估結果。在外部攻擊方面,本文提出一個無線網路風險評估方法;該方法首先考慮網路系統的安全條件、攻擊手法與系統設定,以建立風險模型,接著本文再提出一套量測準則,藉以量化風險數值。在內部攻擊方面,本文提出一套量化分析軟體控制流程模糊化之方法,以評估控制流程模糊化對軟體強韌度之影響。該方法基於控制流程圖之概念,將控制流程模糊化轉換為正規表示式。以此正規表示式為基礎,本文進一步提出新的量測準則,以計算軟體控制流程模糊化所提供的保護能力。最後,本文利用數個範例,說明並驗證本文所提方法之可行性。我們相信本文所提之方法能提供系統管理者更全面的資訊安全評估結果,並進一步地協助系統管理者管理該系統。zh_TW
dc.description.abstractAssessment of cyber security is a long-standing and great challenge since multifarious factors and their reciprocal effects have to be considered in the meanwhile for the assessment. Due to its complexity, assessment of cyber security should be performed with multiple aspects. This dissertation presents the quantitative assessments from the perspectives of both external and internal attacks. Regarding assessing cyber security in terms of external attacks, we propose a wireless risk assessment method which consists of a risk model and an assessment measure. The risk model is in charge of modeling wireless network risk, and the assessment measure is an algorithm of determining the risk value per the risk model. As for internal attacks, we introduce a novel framework to evaluate software robustness in terms of control-flow obfuscating transformations. On the basis of this framework, we propose new metrics for quantifying the protection effect yielded by a control-flow obfuscating transformation. Moreover, we conduct the case studies to validate the proposed assessment methods. We believe that our methods are helpful for a system administrator to evaluate and manage the cyber security in a more effective way.en_US
dc.language.isoen_USen_US
dc.subject風險評估zh_TW
dc.subject資訊安全zh_TW
dc.subject量化分析zh_TW
dc.subject軟體模糊化zh_TW
dc.subject軟體保護zh_TW
dc.subjectrisk assessmenten_US
dc.subjectCyber securityen_US
dc.subjectsoftware obfuscationen_US
dc.subjectsoftware protectionen_US
dc.title從攻擊角度定量評估資訊系統安全性zh_TW
dc.titleQuantitative Assessments of Cyber Security from the Perspective of Attacksen_US
dc.typeThesisen_US
dc.contributor.department電控工程研究所zh_TW
顯示於類別:畢業論文


文件中的檔案:

  1. 282001.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。