摘要
随着网络实体数量的急剧增长,网络安全策略的请求、更新和执行等操作对策略的发布提出了更高的要求。为了解决网络安全策略发布效率的问题,引入发布影响因子和安全域等概念,提出了基于异构的网络安全策略自适应发布数学模型和结构模型,着重分析了面向属性状态和操作的异构策略表示和生成方法,给出了安全策略快速搜索算法、策略比较及异构策略生成算法、基于安全域的地址分配及数据转发算法。与传统的全策略发布模型相比,大大提高了策略处理效率,并占用较少的网络信道资源。
The operations of security policy's request, update, and execute have put forward higher requirements of the policy distribution. For purpose of resolving the distribution efficiency of the network security policy, the security policy self- distribution mathematic model and structural model were proposed based on structure-dissimilarity, which introduced the concepts of distribution factor, security domain, etc. Expression and making ways of the structure-dissimilarity policy faced on attribute characters and operation were analyzed emphatically. The security policy searching algorithm, comparing algorithm, structure-dissimilarity policy building algorithm, address assigning and data transmitting algorithm based on security domain were presented. Compared with the classical entire distribution model, the proposed methods are superior to enhance the system security policy disposal efficiency, and occupy the lesser resources of network channel.
出处
《计算机科学》
CSCD
北大核心
2009年第9期74-78,138,共6页
Computer Science
基金
国家高技术研究发展计划(863)项目(2007AA01Z449)
国家自然科学基金-广东联合基金重点项目(U0735002)
中国博士后科学基金项目(20070420793)资助
关键词
安全策略
自适应发布
异构
安全域
Security policy, Self-distribution, Structure-dissimilarity, Security domain