计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2009年
31期
93-97,101
,共6页
策略生成%多层策略表示%分层网络系统模型%策略属性%BNF范式
策略生成%多層策略錶示%分層網絡繫統模型%策略屬性%BNF範式
책략생성%다층책략표시%분층망락계통모형%책략속성%BNF범식
policy generation%multi-level policy representation%hierarchy network system model%policy attribute%Backus-Naur Form(BNF)
策略编写和表示是策略研究的基础.当前策略编写多直接面向设备和技术,过于依赖管理员的知识和经验,而忽视了应用环境对策略制定的要求和影响,造成策略编写不完备、易出错.为解决这一问题,设计了分层网络安全系统模型,提出从系统建模的角度讨论策略生成和表示,使得策略制定不再局限于单台设备或某种安全功能,而是建立在了解整个网络系统安全需求的基础上,一定程度上实现了策略的自动生成,保证了策略制定的正确性和完整性,降低了管理员负担,减小了出错的可能.然后通过提炼策略基本属性,设计了基于网络安全系统模型的多层安全策略表示方法,并采用BNF范式描述了策略语法规范,策略表示更加友好.操作性更强.
策略編寫和錶示是策略研究的基礎.噹前策略編寫多直接麵嚮設備和技術,過于依賴管理員的知識和經驗,而忽視瞭應用環境對策略製定的要求和影響,造成策略編寫不完備、易齣錯.為解決這一問題,設計瞭分層網絡安全繫統模型,提齣從繫統建模的角度討論策略生成和錶示,使得策略製定不再跼限于單檯設備或某種安全功能,而是建立在瞭解整箇網絡繫統安全需求的基礎上,一定程度上實現瞭策略的自動生成,保證瞭策略製定的正確性和完整性,降低瞭管理員負擔,減小瞭齣錯的可能.然後通過提煉策略基本屬性,設計瞭基于網絡安全繫統模型的多層安全策略錶示方法,併採用BNF範式描述瞭策略語法規範,策略錶示更加友好.操作性更彊.
책략편사화표시시책략연구적기출.당전책략편사다직접면향설비화기술,과우의뢰관리원적지식화경험,이홀시료응용배경대책략제정적요구화영향,조성책략편사불완비、역출착.위해결저일문제,설계료분층망락안전계통모형,제출종계통건모적각도토론책략생성화표시,사득책략제정불재국한우단태설비혹모충안전공능,이시건립재료해정개망락계통안전수구적기출상,일정정도상실현료책략적자동생성,보증료책략제정적정학성화완정성,강저료관리원부담,감소료출착적가능.연후통과제련책략기본속성,설계료기우망락안전계통모형적다층안전책략표시방법,병채용BNF범식묘술료책략어법규범,책략표시경가우호.조작성경강.
Policy establishment and representation is the base of the policy research.Nowadays,device and technology oriented policy making excessively depends on the knowledge and the experiences, but ignores the requirement and the effect of the application environment.So the policy making is no integrity and liable to make a mistake.To solve the problem,hierarchy network security system model is designed,and the policy making and representation is proposed based on the system modeling,which make the policy making is not limited by the single device and the only one security function.Upon the method,the policy auto making is implemented to some degree and the correctness and the integrity are insured, which decrease the burden of the manager,and the possibilities of the mistaking.According to the refinement of the policy basic attributes,Multi -level policy representation method based on requirement-driven network system model is promoted.Using the BNF normal form to describe the policy grammar specification, policy representation is friendlier and more operable.