摘要
面对天地一体化信息网络多域安全控制需求,针对单进程正则匹配的方式制约了互联安全网关的性能问题,提出基于进程通信语义安全分析的互联安全控制高性能优化方法。该方法采用以进程概念为中心的并行程序设计语言描述主从进程的交互模型,通过赋予状态转移系统语义,实现主从进程的组合语义精确的表达。通过形式化语义分析,该方法具有运行无死锁、饥饿,且等价于原有正则匹配的语义安全性。实验结果表明,该方法能够充分发挥多核硬件优势,使用进程绑定CPU方式,减少操作系统调度器的上下文切换开销,在复杂正则表达式情形下,比单核运行提高一个数量级。
Facing the demand of multi-domain security control in the integrated network of air and ground,to solve the problem that singleprocess regular matching restricts the performance of interconnected security gateway,the method of high-performance optimization of interconnected security control based on semantic security analysis of process communication was proposed.The interaction model of master-slave processes was described in a parallel programming language in the method The state transition system semantics were given to accuately express the combined semantics of the master-slave processes."The security of master-slave processes in combinatorial semantics was analyzed, which ensured that the parallel running of processes had no deadlock and starvation,and was equivalent to the original regular matching.Experimental results showed that the proposed method could give full play to the advantages of multi-core hardware and reduced the context switching overhead of the scheduler.In the case of complex regular expressions,the method was an order of magnitude better than singe-core running.
作者
卢波
陆月明
LU Bo;LU Yueming(Key Laboratory of Trustworthy Distributed Computing and Service,Ministry of Education,School of Cyber Security,Beijing University of Posts and Telecommunications,Beijing 100876,China)
出处
《天地一体化信息网络》
2021年第3期35-47,共13页
Space-Integrated-Ground Information Networks
基金
国家重点研发计划资助(No.2016YFB0800302)。
关键词
形式化分析
正则表达式匹配
访问控制
并行计算
formal analysis
regular expression matching
access control
parallel computing
