检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:夏春和[1] 魏玉娣[1] 李肖坚[1] 何巍[1]
机构地区:[1]北京航空航天大学虚拟现实技术与系统国家重点实验室,北京100191
出 处:《北京航空航天大学学报》2008年第8期925-929,943,共6页Journal of Beijing University of Aeronautics and Astronautics
基 金:北京教育委员会共建项目建设计划基金资助项目(JD100060517);国家863计划资助项目(2007AA01Z407)
摘 要:目前计算机网络防御研究中缺乏高层且易于细化的策略建模方法,因此在分析Or-BAC模型(Organization Based Access Control model)的基础上,对网络防御控制行为进行抽象,建立计算机网络防御策略模型(CNDPM,Computer Network Defense Policy Model).该模型对保护、检测和响应等策略进行统一建模,并引入角色、视图、活动自动分配的方法,以提高分配的效率,同时给出了策略到规则的推导规则,以细化为具体的防御规则.还给出了策略的完备性、有效性和一致性的形式化描述及分析.实例分析表明,该模型表示的计算机网络防御策略,能够有效地转化为防御规则,具有较好的实用性和扩展性.Recent research on computer network defense is lack of a method which is able to model policy in high level and refine policy conveniently, hence computer network defense policy model (CNDPM) was presented to abstract network defense control behavior on the basis of organization based access control model (Or-BAC). The CNDPM provides a common method to model protection, detection and response policy, and introduces automatic assignment mechanism of role as well as view and activity to improve efficiency, also pro- vides derivation principles to refine policy to concrete defense rule. Moreover, completeness, validity and consistency of policy are studied through formal analysis. The example shows that computer network defense policies modeled by CNDPM can be refined to defense rules conveniently and efficiently. The CNDPM model is characterized by good expansibility and practicability.
关 键 词:计算机网络防御(CND) 策略 PPDR模型 细化
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.42
