Abstract
This paper proposes an entity security architecture (ESA) for computer networks, viewed in terms of the entities that compose them. It describes the network's component entities and discusses how security functions are allocated to each kind of entity. Based on ESA, it introduces the concept of Policy Based Security Management (PBSM), which defines three levels of security policy: Organizational Abstract Security Policy, Global Automatic Security Policy, and Local Executable Security Policy. PBSM has three management phases, namely the definition and creation, enforcement, and verification of security policy, so that the network is managed as a whole and security management becomes systematic and automated. Applying ESA to current networks, the paper analyzes deficiencies in the security services they provide and problems in their security management. Finally, it points out the further research work needed to implement ESA.
Source
Chinese Journal of Computers (《计算机学报》)
Indexed in: EI, CSCD, PKU Core (北大核心)
2001, Issue 8, pp. 853-859 (7 pages)
Keywords
computer networks, security architecture, security policy, firewall, security management, policy based security management