ISSN 1000-1239 CN 11-1777/TP

• 论文 • 上一篇    下一篇

基于特征的网络安全策略验证

唐成华1,2 余顺争1   

  1. 1(中山大学电子与通信工程系 广州 510275) 2(桂林电子科技大学计算机与控制学院 广西桂林 541004) (tchbox@163.com)
  • 出版日期: 2009-11-15

Verifying Network Security Policy Based on Features

Tang Chenghua1,2 and Yu Shunzheng1   

  1. 1(Department of Electrical and Communication Engineering, Sun Yat-sen University, Guangzhou 510275) 2(College of Computer and Control, Guilin University of Electronic Technology, Guilin, Guangxi 541004)
  • Online: 2009-11-15

摘要: 安全策略的完整性、正确性和一致性对网络信息系统的安全性能具有重要的影响.针对其验证问题,提出了基于特征的网络安全策略动态验证模型和算法.首先给出了安全策略完整性构造方法;并在此基础上,引入保护因子、敏感因子和安全因子等要素,建立了安全策略的正确性评估模型;最后,引入关联标识集,利用策略各属性特征间的作用关系,提出了安全策略的一致性检测算法.实验结果表明,该评估模型能有效地反映安全策略的安全性能,检测算法具有较高的处理效率,为网络安全策略的验证提供了一种新的解决途径.

关键词: 安全策略, 安全域, 完整性, 正确性, 一致性

Abstract: The integrity, validity and consistency of the security policy have important impacts on the safety performance of network information systems. For the purpose of solving the difficult problem of verifying security policy effectively, dynamic verifying model and algorithm of the network security policy based on features are proposed. Firstly, the related concepts and the method of constructing the integrity of security policy are given. Secondly, security domain, protection factor, sensitive factor and safety factor are introduced on the basis of structural integrity, and the assessment model of the validity of security policy is also built. The relationship of defense means, application targets, and information security attribute characteristics is analyzed, the protection factor and sensitivity factor are established, and then the value of security policy safety factor is obtained in order to assess the validity of security policy. Lastly, the consistency detection algorithm is put forward according to the relationship of these features by introducing the associated logo set. It is particularly suitable for the knowledge accumulation situation and real-time consistency detection requirements. Experimental results show that the assessment model can effectively reflect the safety performance of the security policy, and the detection algorithm has higher efficiency, which provides a new solution for verifying network security policy.

Key words: security policy, security domain, integrity, validity, consistency