摘要
基于策略的安全防护技术是当前网络安全研究的重点,但适于网络环境的安全策略应用机制还很不完善。本文全面分析了实施基于策略的网络安全防护应用系统的要求,提出了一种将安全策略、安全防护行为、网络应用逻辑三者相互独立又有机结合的安全策略防护框架。针对网络应用的行为及其状态特征综合分析了应用系统、安全策略及安全防护行为的形式化描述,制定了网络应用逻辑的监控机制和基于事件驱动的策略执行算法,实现了用策略动态控制应用系统行为的目的,增强了安全防护的灵活性和扩展性。
The policy-based security technology is a key to the current network security research, though the mechanism to apply security policies in networks is not very perfect, By analyzing the requirements of policy implemention in the application of network security, this paper introduces a system framework for network security, which incudes security policy, security precaution action and network application logic and puts forward a formal description of security policy, security precaution action and application of network according to the characteristics of the statcs and actions of the applications in networks. Then this paper proposes a monitoring mechanism of application logic and the algorithms for event-driven policy enforcement, and obtains the goal of controling network actions according to the policies, enhancing the flexibility and sealability of security.
出处
《计算机工程与科学》
CSCD
2007年第6期7-9,50,共4页
Computer Engineering & Science
关键词
安全策略
中间件
安全防护行为
系统框架
security policy
middleware
security precaution action
system framework