期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种可扩展的安全策略翻译技术 被引量:1

Transformation Technique of Extensible Security Policy
下载PDF
导出
摘要 如何在不同的安全设备上执行统一描述的策略是策略管理研究的难点。该文通过在策略决策点增加可扩展的词法库和语法库,在策略执行点采用通用代理程序进行策略翻译,支持系统内不同设备及类型的动态扩展,为不同类型的安全设备的策略翻译提供了一种新方法,提高了策略管理的可扩展性和通用性。 It is difficult to perform unified description policy on different secure devices in policy management research. This paper adds extensible accidence database and syntax database in the PDP, and policy transformation is performed through universal agent program in the PEP, which supports the extension of different devices and types in the system. A new method of policy transformation for different types of secure devices is put forward, which improves the expandability and universality of the policy management.
作者 代向东 陈性元 吴蓓 牛新建
机构地区 解放军信息工程大学电子技术学院
出处 《计算机工程》 CAS CSCD 北大核心 2007年第16期136-138,共3页 Computer Engineering
关键词 策略属性 策略翻译 词法库 语法库 policy attribute policy transformation accidence database syntax database
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献5

  • 1Nicodemos C,Damianou A.PolicyFramework for Management of Distributed Systems[R].Technology and Medicine University of Lodon,2002-02.
  • 2张少俊,李建华,郑明磊.基于策略的网络管理[J].计算机工程,2003,29(16):127-129. 被引量:13
  • 3李莉,任秀丽,栾贵兴.基于策略的分布式网络管理系统[J].东北大学学报(自然科学版),2002,23(6):515-518. 被引量:20
  • 4Beigi M S,Calo S,Verma D.Policy Transformation Techniques in Policy-based Systems Management[R].IBM T.J.Watson Res.Center,2004-06:13-22.
  • 5李忠宪.iptables指令详解[EB/OL].(2006-03-16).http://www.i170.com/article/18839.

二级参考文献15

  • 1DMTF.Common Information Model Specification Version 2.2.DSP0004,1999-06.
  • 2Moon: B.Policy Core Information Model Version I Specification,RFC3060. 2001-02.
  • 3Damianou N,Dulay N,Lupu E,et al.Ponder. A Language for Specifying Security and Management Policies for Distributed System.Imperial College DTR00- 1,2000-01.
  • 4Sloman M,Lupu E. Security and Management Policy Specification.IEEE Network, 2002,(2):10-19.
  • 5Duan Haixin, Wu Jianping.Security Management for Large Computer Networks, IEEE, 1999, 2:1208-1213.
  • 6Martin J P. A survey of distributed enterprise network and systems management[J]. Journal of Network and Systems Management,1999,7(1):9-26.
  • 7Martin J P, Znaty S. Annotated typology of distributed network management paradigms[R]. Lausanne:SCC Press,1997.
  • 8IS9595-2-1988,Common Management Information Service[S].
  • 9Galvin J M, McCloghrie K. Administrative model for version 2 of the simple network management protocol(SNMPv2)[R]. Reston: Internet Engineering Task Force,1993.
  • 10Jamie J,Michael J. Draft-ietf-ipsec-policy-schema-00.txt[EB/OL],http:∥www.ietf.org/proceedings/99jul/I-D/draft-ietf-ipsec-policy-schema-00.txt, 1999-05-24/1999-11-24.

共引文献29

同被引文献4

  • 1Gao Zhuomin. Conflict Handling in Policy-based Security Management[D]. Gainesville, USA: University of Florida, 2002.
  • 2Al-Shaer E S, Hamed H H. Discovery of Policy Anomalies in Distributed Firewalls[C]//Proc. of the 23rd IEEE Computer and Communications Societies Annual Joint Conference. Chicago, USA: [s. n.], 2004.
  • 3Cuppens F, Cuppens B N, Garc'a A J. Detecting and Removal of Firewall Misconfiguration[EB/OL]. (2005-02-25). http://www. rennes.enst-bretagne.fr/~fcuppens/articles/cnis05.pdf.
  • 4Eronen P, Zitting J. An Expert System for Analyzing Firewall Rules[EB/OL]. (2001-11-05). http://www.niksula.hut.fi/-peronen/publications/nordsec_2001 .pdf.

引证文献1

二级引证文献4

计算机工程
2007年 第16期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部