Journal of Beijing University of Aeronautics and Astronautics ›› 2008, Vol. 34 ›› Issue (8): 925-929.


Computer network defense policy model

Xia Chunhe, Wei Yudi, Li Xiaojian, He Wei

  1. State Key Laboratory of Virtual Reality Technology and System, Beijing University of Aeronautics and Astronautics, Beijing 100191, China
  • Received: 2007-09-06 Online: 2008-08-31 Published: 2010-09-17
  • About the author: Xia Chunhe (born 1965), male, from Hai'an, Jiangsu, professor, xch@buaa.edu.cn.
  • Supported by:

    Co-construction Project of the Beijing Municipal Education Commission (JD100060517); National 863 Program of China (2007AA01Z407)

Abstract: Current research on computer network defense lacks a method that can model policy at a high level and refine it conveniently. The computer network defense policy model (CNDPM) is therefore presented, abstracting network defense control behavior on the basis of the organization based access control model (Or-BAC). CNDPM provides a common method for modeling protection, detection and response policies, introduces an automatic assignment mechanism for roles, views and activities to improve assignment efficiency, and provides derivation rules for refining policies into concrete defense rules. Formal descriptions and analysis of the completeness, validity and consistency of policies are also given. The example analysis shows that computer network defense policies modeled by CNDPM can be refined into defense rules conveniently and efficiently, and that the model has good extensibility and practicability.
