Abstract
Policy-based security defense technology is one of the current focuses of network security research. However, the problem of refining abstract policies has not yet been solved satisfactorily, so policy-based security applications still require manual intervention to configure policies. Based on a layered management model for security policy, this paper proposes a stepwise security policy refinement algorithm that integrates goal refinement and entity refinement. The algorithm first uses goal refinement to transform an abstract policy into the security actions the system should perform, and then uses entity refinement to determine the execution environment of those actions. In this way the abstract policy is converted into operational rules that the system can understand and enforce, which solves the policy refinement problem.
Source
《小型微型计算机系统》
CSCD
Peking University Core Journals (北大核心)
2007, No. 6, pp. 998-1002 (5 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National High Technology Research and Development Program of China (2003AA712022).
Keywords
security policy
hierarchical management model
goal refinement
entity refinement