摘要
为解决大型系统中大量设备配置方式多样性导致人工安全设备配置复杂烦琐、容易出错、效率低下的问题,设计了一种基于动态模板的策略翻译及配置方法。通过构建基于编码的策略翻译模板,利用编码简单、通用、易计算的特点,指导归一化策略向设备个性化配置命令行转换,同时通过关键词对比法,保证策略配置的准确性。实验分析结果证明,所提策略翻译及配置方法具有强扩展性和高准确度。
To solve the problem of complex,cumbersome and error-prone configuration of security devices caused by the heterogeneous configuration modes in complex networks,a dynamic template-based scheme for translating and configuring policy was proposed.In detail,considering the code’s features,the code-based template for translating policies was constructed to configure the command line conversion,and the keyword comparison method was used to ensure the accuracy of policy configuration.Experiments show that the scalability and the accuracy of the proposed scheme.
作者
郭云川
李凌
李勇俊
成林
杜君
张玲翠
GUO Yunchuan;LI Ling;LI Yongjun;CHENG Lin;DU Jun;ZHANG Lingcui(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;China Information Technology Security Evaluation Center,Beijing 100085,China;Beijing Leadsec Technology Co.,Ltd,Beijing 100191,China)
出处
《通信学报》
EI
CSCD
北大核心
2019年第12期138-148,共11页
Journal on Communications
基金
国家重点研发计划基金资助项目(No.2017YFB0801802,No.2016QY06X1203)
国家自然科学基金资助项目(No.U1836203)
中国科学院战略性先导科技专项基金资助项目(No.XDC02040400)~~
关键词
设备配置
安全策略
策略翻译
动态模板
device configuration
security policy
policy translation
dynamic template
