ISSN 1000-1239 CN 11-1777/TP

• Article •

### Verifying Network Security Policy Based on Features

Tang Chenghua1,2 and Yu Shunzheng1

1 (Department of Electrical and Communication Engineering, Sun Yat-sen University, Guangzhou 510275) 2 (College of Computer and Control, Guilin University of Electronic Technology, Guilin, Guangxi 541004) (tchbox@163.com)
• Published: 2009-11-15
• Online: 2009-11-15

Abstract: The integrity, validity and consistency of a security policy have an important impact on the safety performance of network information systems. To address the difficult problem of verifying security policy effectively, a feature-based dynamic verification model and algorithm for network security policy are proposed. First, the related concepts and the method of constructing the integrity of security policy are given. Second, on the basis of structural integrity, the security domain, protection factor, sensitive factor and safety factor are introduced, and an assessment model of the validity of security policy is built. The relationship among defense means, application targets, and information security attribute characteristics is analyzed, the protection factor and sensitive factor are established, and the value of the security policy safety factor is then obtained in order to assess the validity of the security policy. Lastly, a consistency detection algorithm is put forward according to the relationship of these features by introducing the associated logo set. It is particularly suitable for knowledge accumulation situations and real-time consistency detection requirements. Experimental results show that the assessment model can effectively reflect the safety performance of the security policy and that the detection algorithm has higher efficiency, which provides a new solution for verifying network security policy.