Computer Engineering and Applications (计算机工程与应用) ›› 2009, Vol. 45 ›› Issue (31): 93-97. DOI: 10.3778/j.issn.1002-8331.2009.31.028

• Network, Communication, Security •

Multi-level policy generation and representation based on hierarchy network system model

WU Bei, CHEN Xing-yuan, ZHANG Yong-fu, DAI Xiang-dong, PENG Jun

  1. Electronic Technology Institute, PLA Information Engineering University, Zhengzhou 450004, China
  • Received: 2008-07-01 Revised: 2008-10-06 Online: 2009-11-01 Published: 2009-11-01
  • Contact: WU Bei

Abstract: Policy authoring and representation are the foundation of policy research. Current policy authoring mostly targets devices and technologies directly and relies too heavily on the administrator's knowledge and experience, while neglecting the requirements and influence of the application environment on policy making. As a result, the policies written are incomplete and error-prone. To solve this problem, a hierarchical network security system model is designed, and policy generation and representation are discussed from the perspective of system modeling, so that policy making is no longer limited to a single device or a single security function but is built on an understanding of the security requirements of the whole network system. This achieves automatic policy generation to some degree, ensures the correctness and completeness of policy making, reduces the administrator's burden, and lowers the likelihood of errors. Then, by refining the basic attributes of a policy, a multi-level security policy representation method based on the requirement-driven network system model is designed, and the policy grammar specification is described in Backus-Naur Form (BNF), which makes policy representation friendlier and more operable.

Key words: policy generation, multi-level policy representation, hierarchy network system model, policy attribute, Backus-Naur Form (BNF)
