Abstract:
The evaluation of security assurance for information systems has become an important research field in information security. Security assurance evaluation based on the "Evaluation Framework for Information Systems Security Assurance" (GB/T 20274, SCC) can standardize the evaluation process and improve the authority of the evaluation results. By introducing the CAE (Claim Argument Evidence) evidence reasoning model into SCC evaluation to obtain a multi-level hierarchical structure for SCC security assurance evaluation, this paper proposes a security evaluation method based on DS evidence theory, which makes quantitative inference in security assurance evaluation possible. Some examples are computed using the proposed algorithm to realize the security assurance evaluation tool. Moreover, the DS and AHP algorithms are compared for evaluation inference.