期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于域的网络安全策略研究 被引量:7

Research of Network Security Policy Based on Domain
下载PDF
导出
摘要 针对大规模网络环境下的安全特点,提出了一种基于域的网络安全策略模型,通过应用域和规范安全策略语言,研究了策略的存储、查找、冲突检测与消解、发布实施过程中的技术和原则。应用该模型后的系统成为一种具有自动化策略管理特点的安全系统。 Aiming at the security characters of large-scale network environment, a network security policy model based on domain is proposed. By applying domain and the security policy language criterion, the techniques and principles of policies' store, finding, implementation, conflicts detection and resolution are studied. The system which applies this model is a safe one with the peculiarity of auto-managing policy.
作者 唐成华 胡昌振 崔中杰
机构地区 北京理工大学信息安全与对抗技术研究中心
出处 《计算机工程》 CAS CSCD 北大核心 2007年第9期131-133,共3页 Computer Engineering
基金 国防科技基础研究项目
关键词 安全策略 策略冲突 实体 Security policy Domain Policy conflict Entity
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

  • 1Blaze M,Feigenbaum J.The KeyNote Trust-management System Version2[EB/OL].1999-09.http://www.rfc-archive.org/getrfc.php? rfc=2704.
  • 2Kagal L,Finin T.A Policy Language for a Pervasive Computing Environment[EB/OL].1997.http://www.csee.umbc.edu/-finin/papers /policy03.pdf.
  • 3Jajodia S,Samarati P.A Logical Language for Expressing Authorizations[EB/OL].1997.http://seclab.dti.unimi.it/Papers/oak97-final.ps.
  • 4田大新,刘衍珩,李永丽,唐怡.数据包过滤规则的快速匹配算法和冲突检测[J].计算机研究与发展,2005,42(7):1128-1135. 被引量:14
  • 5Al-Shaer E,Hamed H.Conflict Classification and Analysis of Distributed Firewall Policies[EB/OL].2005.http:// www.mnlab.cs.depaul.edu/projects/FPA/files/jsac05.pdf.
  • 6Jonathan D,Morris S.Policy Conflict Analysis in Distributed System Management[EB/OL].1993.http://www.moffett.me.uk/jdm/pubs/ polconfl.pdf.
  • 7Lupu E,Sloman M.Conflict Analysis for Management Policies[EB/OL].1997.http://www.doc.ic.ac.uk/-ecl1/wiki/lib/exe/ fetch.php?id=emil%3Aresearchthemes%3Apubbytheme&cache=cache&media=research:papers:1997im.pdf.

二级参考文献18

  • 1R. Hunt, T. Verwoerd. Reactive firewalls-A new technique.Computer Communications, 2003, 26(12): 1302-1317
  • 2D. Wang, R. Hao, D. Lee. Fault detection in rule-based software systems. Information and Software Technology, 2003,45(12): 865~871
  • 3P. Gupta, N. McKeown. Packet classification on multiple fields.ACM SIGCOMM' 99, Harvard University, 1999. http: //yuba. Stanford. edu/~ pankaj/paps/sig9. pdf
  • 4V. Srinivasan, S. Suri, G. Varghese. Packet classification using tuple space search. ACM SIGCOMM'99, Harvard University,1999. http: // www.acm.org/pubs/citations/proceedings/comm/316188/p1 35-srinivasan/-93k
  • 5T.V. Lakshman, D. Stiliadis. High-speed policy-based packet forwarding using efficient multi-dimensional range matching. ACM SIGCOMM' 98, Vancouver, 1998. http://students. cec. wustl.edu/~ cs524/SP2001/Presentations/hw_lookup. pdf
  • 6V. Srinivasan, G. Varghese, S. Suri, et al. Fast and scalable layer four switching. ACM SIGCOMM' 98, Vancouver, 1998.http://www. acm. org/sigcomm/sigcomm98paper16. ps
  • 7F. Baboescu, G. Varghese. Scalable packet classification. ACM SIGCOMM' 01, San Diego, 2001. http: // www.acm.org/sigcomm/sigcomm2001 / p 16-baboescu. pdf
  • 8L.L. Qiu, G. Varghese, S. Suri. Fast firewall implementations for software and hardware-based routers. ICNP 2001 Int'l Conf.Network Protocols, Riverside, California, 2001. http: //www. ieee-icnp. org/2001/papers/2001-26. pdf
  • 9F. Baboescu, S. Singh, G. Varghese. Packet classification for core routers: Is there an alternative to CAMs? IEEE INFOCOM2003, San Francisco, California, 2003. http: // www.ieeeinfocom. org/2003/papers/02_02. PDF
  • 10S. Singh, F. Baboescu, G. Varghese, et al. Packet classification using multidimensional cutting. ACM SIGCOMM'03, Karlsruhe,Germany, 2003. http://www.acm.org/sigcomm/sigcomm2003/papers/p213-singh. pdf

共引文献13

同被引文献43

引证文献7

二级引证文献34

计算机工程
2007年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部