摘要
以安全重构元为基础,能够提供高灵活性、适应性和可扩展性安全服务的可重构安全计算系统已成为当前安全研究领域的热点问题.目前,关于重构机理的研究主要采取基于功能候选集的静态重构配置生成方法,可重构安全系统作为一种主动安全防御手段,应具有动态自动重构的能力,避免人工介入导致的脆弱性.针对动态自动可重构安全系统的建模以及配置生成过程的描述问题,提出了一种基于直觉主义逻辑扩展的动态自动可重构安全系统逻辑模型SSPE,给出了逻辑模型SSPE上的语法和推理规则,设计了基于SSPE的等级化安全重构元和安全需求建模和表达方法,并给出了基于映射关系的安全重构元描述向逻辑语言的转换规则.最后,以IPSec协议为例,阐述了可重构安全系统重构配置的动态自动推理生成过程.基于直觉主义逻辑的可重构安全系统建模和配置生成方法,为研究可重构安全系统的重构机理提供了新的思路和方法,具有重要的意义.
Reconfigurable security system with high flexibility,adaptability and scalability is a hot issue in the field of security research. At present,research on the reconfiguration mechanism is mainly based on the static reconfiguration method.As an active security defense method,it should have the ability of dynamic automatic reconfiguration.In order to solve the problem of modeling and describing dynamic and automatic reconfigurable security system,this paper proposes a new model,SSPE based on intuitionistic logic,and presents its syntax and inference rules.The transformation rules from the specification of security reconfigurable component to SSPE logic expressions are obtained by the method of mapping relationship.In the end,the paper describes the reasoning and generating process of security system reeonfiguration based on IPSec protocol.Modeling and expression method based on intuitionistie logic can provide new ideas and methods for the research of reconfigurable security system,which is of great significance.
作者
肖玮
陈性元
杜学绘
李海玉
陈宇涵
XIAO Wei;CHEN Xing-Yuan;DU Xue-Hui;LI Hai-Yu;CHEN Yu-Han(Cryptography Engineering College,The PLA Information Engineering University,Zhengzhou 450000,China;Department of Foundation,Aviation University of Air Force,Changchun 130022,China)
出处
《软件学报》
EI
CSCD
北大核心
2018年第12期3635-3647,共13页
Journal of Software
基金
国家高技术研究发展计划(863)(2012AA012704)
国家自然科学基金(61502531).
关键词
可重构安全系统
直觉主义逻辑
安全重构元
重构机理
reconfigurable security system
intuitionistic logic
security reconfigurable component
reconfiguration mechanism
