Verifying Network Security Policy Based on Features
-
Graphical Abstract
-
Abstract
The integrity, validity and consistency of the security policy have important impacts on the safety performance of network information systems. For the purpose of solving the difficult problem of verifying security policy effectively, dynamic verifying model and algorithm of the network security policy based on features are proposed. Firstly, the related concepts and the method of constructing the integrity of security policy are given. Secondly, security domain, protection factor, sensitive factor and safety factor are introduced on the basis of structural integrity, and the assessment model of the validity of security policy is also built. The relationship of defense means, application targets, and information security attribute characteristics is analyzed, the protection factor and sensitivity factor are established, and then the value of security policy safety factor is obtained in order to assess the validity of security policy. Lastly, the consistency detection algorithm is put forward according to the relationship of these features by introducing the associated logo set. It is particularly suitable for the knowledge accumulation situation and real-time consistency detection requirements. Experimental results show that the assessment model can effectively reflect the safety performance of the security policy, and the detection algorithm has higher efficiency, which provides a new solution for verifying network security policy.
-
-