中文摘要：

评估信息系统安全措施效用是改进系统信息安全绩效的一条重要途径．传统方法在评估安全措施效用时并没有考虑业务数据流、攻击流和安全措施要素之间的相互作用和影响，无法保证评估过程和结果的有效性．提出了一种给定脆弱性环境下的信息系统安全措施效用评估方法，应用颜色Petri网为系统业务数据流、攻击流和安全措施要素进行统一建模．通过设计节点间脆弱性利用图生成算法和改进的Dijkstra算法识别所有可能破坏信息系统安全属性的最短攻击路径，使用层次评价模型评估系统安全措施的效用．给出了一种基于多属性决策的系统最优信息安全效用提升方案选择算法．改善评估过程对人员主观经验的依赖问题，有助于保证评估结果的一致性和可追溯性．以一个具体的Web业务系统为例进行实验，验证了所提出的模型和方法的正确性和有效性．

英文摘要：

The efficiency evaluation of information system＇s security measures is important to improve the information system security. Conventional evaluation methods did not consider the interactivity and inter-influence of the business dataflow, attack flow, and security measures factors when evaluating system＇s security measures. Thus, they can not ensure the effectiveness of the evaluation process and results. An efficiency evaluating approach for information system＇s security measures under the given vulnerability set is presented in this paper. It employs colored Petri-Net tools to uniform modeling and simulates the interaction among the system＇s workflow, attack flow, and security measures. Based on this modeling method, the paper proposes an inter-nodes vulnerabilities exploiting graph generation algorithm and improves Dijkstra algorithm to identify shortest-attack-paths, which can cause damage to the information system＇s security attributes. Next, it constructs a hierarchical model to evaluate the effectiveness of the security measures and employs a gray multiple attributes decision-making algorithm to choose the best effectiveness-improving alternatives. By using this approach, the dependency on evaluators＇ subjectivity in the process of the evaluation of information system＇s security measures can be alleviated. Also, it helps to ensure the consistency and traceability of the evaluation results. Finally, a practical Web business system is taken as a case study to validate the correctness and effectiveness of the evaluation model.