楼主的内容不是太难,翻译还是有把握的,就是赏分有点低,特别是第1帖.所以先翻第3帖.请审阅
Fourth,there is no time aspect associated with the current security metric definitions.A system is measured secure today does not mean it will be secure tomorrow.An objective metric is a measurement taken on a time interval.Some examples include the integrity of a database for the last three months,and the availability of a Web server for the first quarter of a year.
第4,不存在与目前安全度量定义相关的时间方面.一个系统今天衡量为安全的并不意味着它明天还是安全的.一个客观的度量是在某一时间间隔进行的测量.有些例子包括了最近三个月的数据库的整体,以及一年中第一个季度Web服务器的适用性.
Fifth,traditional two-value logics are not suitable for security analysis.A statement in any traditional logic system is either true or false.When applied to the analysis of security metrics,these logic systems are fragile:even small changes in the system can lead to opposite truth values for a security specification.
第5,传统的双值逻辑不适用于安全性分析.在任何传统的逻辑系统中的表述可能是对的,也可能是错的.当用于安全性度量的分析时,这些逻辑系统是脆弱的:甚至系统微小的变化都会导致关于安全性技术条件的相反的真值.
We propose in this paper some solutions to the issues discussed above.The rest of the paper is organized as four sections.Section 2 discusses security models.Section 3 discusses security metrics.Section 4 proposes a dynamic testing principle and examples.Section 5 gives a brief summary of the work and discusses further research issues and open problems.
我们在本文中提出了一些针对上述问题的解决方案.本文的其余部分被组织成4个小节.第2节讨论安全模型.第3节讨论安全性的度量.第4节提出一种动态的测试原理和一些例子.第5节给出了研究工作简单的概述,并讨论了进一步研究的问题和公开的问题