摘要
安全策略的完整性、正确性和一致性对网络信息系统的安全性能具有重要的影响.针对其验证问题,提出了基于特征的网络安全策略动态验证模型和算法.首先给出了安全策略完整性构造方法;并在此基础上,引入保护因子、敏感因子和安全因子等要素,建立了安全策略的正确性评估模型;最后,引入关联标识集,利用策略各属性特征间的作用关系,提出了安全策略的一致性检测算法.实验结果表明,该评估模型能有效地反映安全策略的安全性能,检测算法具有较高的处理效率,为网络安全策略的验证提供了一种新的解决途径.
The integrity, validity and consistency of the security policy have important impacts on the safety performance of network information systems. For the purpose of solving the difficult problem of verifying security policy effectively, dynamic verifying model and algorithm of the network security policy based on features are proposed. Firstly, the related concepts and the method of constructing the integrity of security policy are given. Secondly, security domain, protection factor, sensitive factor and safety factor are introduced on the basis of structural integrity, and the assessment model of the validity of security policy is also built. The relationship of defense means, application targets, and information security attribute characteristics is analyzed, the protection factor and sensitivity factor are established, and then the value of security policy safety factor is obtained in order to assess the validity of security policy. Lastly, the consistency detection algorithm is put forward according to the relationship of these features by introducing the associated logo set. It is particularly suitable for the knowledge accumulation situation and real-time consistency detection requirements. Experimental results show that the assessment model can effectively reflect the safety performance of the security policy, and the detection algorithm has higher efficiency, which provides a new solution for verifying network security policy.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2009年第11期1854-1861,共8页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2007AA01Z449)
国家自然科学基金-广东联合基金重点项目( U0735002)
中国博士后科学基金项目(20070420793)~~
关键词
安全策略
安全域
完整性
正确性
一致性
security policy
security domain
integrity
validity
consistency
