Security Model Based on Network Business Security
Wu Kehe, Zhang Tong, Li Wei, Ma Gang Department of Computer Science and Technology North China Electric Power University Beijing, China
Abstract—The Enterprise Network Information System is not only the platform for information sharing and information exchange, but also the platform on which the Enterprise Production Automation System and the Enterprise Management System work together. As a result, the security defense of the Enterprise Network Information System includes not only information system network security and data security, but also the security of the network business running on the information system network, that is, the confidentiality, integrity, continuity and real-time of network business.
I. INTRODUCTION
II. CONCEPT OF NETWORK BUSINESS SECURITY
III. DESCRIPTION OF CONCEPT BASED ON NETWORK
IV. MODEL OF NETWORK BUSINESS SECURITY
I. INTRODUCTION
Computer and network technology provide convenience to people, but at the same time security problems have emerged and become more and more serious. With the increasing popularity of computer applications and, in particular, the rapid development of network technology, more and more security threats have appeared, and information security has become a very important and urgent issue to be solved. Network information security has become the fifth security field after sea, land, air and space.
Existing Theory of Information Security System
II. CONCEPT OF NETWORK BUSINESS SECURITY
First of all, this paper defines the "network business" concept. Network business means the enterprise management business or the controlling process of the Production Automation System running on the network. It can be further described as follows:
1) It is composed of function programs running on the network platform, realizing the enterprise management business processes and production control logic.
2) In the network environment, staff work in accordance with the logic and rhythm of the business management software, or in accordance with the process of the control logic, which constitutes the realization of the network business.
3) At the computer network system level, network business is composed of the network process set, the data sets and the process operation sequence set.
Based on the analysis of the concept and features of network business, "network security" is defined as follows: network security means the reliability, stability and real-time of business running on the network, the continuity of business processes, and the confidentiality and non-repudiation of business operations.
III. DESCRIPTION OF CONCEPT BASED ON NETWORK BUSINESS SECURITY
The Enterprise Information Network is not only the platform for information sharing and information exchange, but also the platform on which enterprise business runs and operates collaboratively. Therefore, Enterprise Information Network security means protecting not only the security of data in the network, but also the security of the business running on the network.
The Information Security System Based on Data, Network and
IV. MODEL OF NETWORK BUSINESS SECURITY
According to the definition of network business and network business security in this paper, we can conclude that network business is composed of the network process sets, data sets and process operation sequence sets. Network business security is the security of the network process sets and data sets; more precisely, it is the security of the running of network processes and of writing operations on data sets. According to the above description of network business and network business security, this paper describes
Model Description
a) Process Set: $P=\{p_0,p_1,p_2,\ldots,p_n\}$. $p_i \in P$ is a process running on the Enterprise Information Network.
b) Data Set: $D=\{d_0,d_1,d_2,\ldots,d_m\}$. $d_j \in D$ is the data which processes access.
c) Access Set: $F=\{f_0,f_1,f_2,\ldots,f_n\}$. $f_i \in F$, $f_i=f(p,d)$. $f(p,d)$ means the model of process $p$ accessing data $d$.
e) Business Set: $B=(P^+,D^+,F^+,S)$. A business is composed of all the processes that can finish the business, all the data that the business needs, the access properties of the processes' access to the data, and the ordered sequence between these processes. All the businesses together compose the whole network application system which the model defends.
Model Constraints
According to the above description of network business and network business security, this paper abstracts the following two properties:
• Property 1: The defense of data is the defense of writing operations on data; the defense of reading operations on data is not necessary.
• Property 2: The right ordered sequence between the processes which a network business needs must not be changed.
According to the above two properties, the model constraints can be described as follows:
For Property 1: This paper defines $pclass(p)$ as the access class of process $p$, and $dclass(d)$ as the access class of data $d$. Property 1 can be described as: process $p$ can write data $d$ only if the access class of process $p$ is higher than the access class of data $d$. The security formula is:
For all $p \in P$, $d \in D$: if $w \in f(p,d)$ then $pclass(p) \ge dclass(d)$    (1)
For Property 2: For any business $b$, the ordered sequence between the processes which business $b$ needs must not be changed. The security formula is:
For all $b \in B$: $S=G(P^+)=(P_1^+,P_2^+,\ldots,P_k^+)$    (2)
3) Definition of Security Status
For each business, if all of its processes and all of its data meet the $f(p,d)$ and $G(P^+)$ constraints, we consider the business safe. If all of the businesses in the network system are safe, then the application system in the network is safe.
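The following checker is an added example, not code from the paper: it evaluates formulas (1) and (2) and the security-status definition over one business. Integer access classes, the "r"/"w" mode labels, the process and data names, and the reading of formula (2) as "the business's processes appear in the observed trace in exactly the order S" are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Business:
    """One element of B = (P+, D+, F+, S)."""
    processes: tuple  # P+
    data: tuple       # D+
    access: dict      # F+: (p, d) -> set of modes ("r"/"w" labels are assumed)
    sequence: tuple   # S = G(P+), the required process order

def write_violations(b, pclass, dclass):
    """Formula (1): w in f(p,d) requires pclass(p) >= dclass(d). Reads are not checked."""
    return [(p, d) for (p, d), modes in sorted(b.access.items())
            if "w" in modes and pclass[p] < dclass[d]]

def sequence_intact(b, observed):
    """Formula (2): the business's processes must run in exactly the order S."""
    run = tuple(p for p in observed if p in b.processes)  # ignore unrelated processes
    return run == b.sequence

def business_is_safe(b, pclass, dclass, observed):
    return not write_violations(b, pclass, dclass) and sequence_intact(b, observed)

def system_is_safe(businesses, pclass, dclass, observed):
    """Security status: the application system is safe iff every business is safe."""
    return all(business_is_safe(b, pclass, dclass, observed) for b in businesses)

# Constructed sample: a three-step control business (hypothetical names and classes).
PCLASS = {"collect": 1, "validate": 2, "issue_cmd": 3}
DCLASS = {"telemetry": 1, "setpoints": 3}
DISPATCH = Business(
    processes=("collect", "validate", "issue_cmd"),
    data=("telemetry", "setpoints"),
    access={("collect", "telemetry"): {"w"},
            ("collect", "setpoints"): {"r"},   # low-class read: allowed by Property 1
            ("validate", "telemetry"): {"r"},
            ("issue_cmd", "setpoints"): {"w"}},
    sequence=("collect", "validate", "issue_cmd"),
)
# Same business, but the low-class process has gained write access to setpoints.
TAMPERED = Business(DISPATCH.processes, DISPATCH.data,
                    {**DISPATCH.access, ("collect", "setpoints"): {"r", "w"}},
                    DISPATCH.sequence)
GOOD_TRACE = ["collect", "backup", "validate", "issue_cmd"]  # "backup" is unrelated
BAD_TRACE = ["collect", "issue_cmd", "validate"]             # validation step bypassed

if __name__ == "__main__":
    print(write_violations(TAMPERED, PCLASS, DCLASS))
    print(system_is_safe([DISPATCH], PCLASS, DCLASS, BAD_TRACE))
```

The low-class read of "setpoints" passes while the same process writing it is flagged, which is the asymmetry Property 1 states; the reordered trace fails even though every individual access is permitted.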
V. CONCLUSION
On the basis of research on the actual needs and current application status of Enterprise Information System network security defense, and according to the key points of Enterprise Information System network defense, this paper has proposed the "network business security" concept through theoretical study and research on information security, dividing the protection objects of information security into data security, network security and network business security. The new information security concept considers network business security an important protection object in the Enterprise Information Network, and explains well the special problems in Enterprise Information Systems. This paper specifically addresses the meaning of network business security and gives the formal description of the network business security model, providing a theoretical basis for the security development and planning of Enterprise Information Systems.