Unlock instant, AI-driven research and patent intelligence for your innovation.

Distributed security domain logic boundary protection method

A boundary protection and security domain technology, applied in the field of distributed security domain logic boundary protection, can solve problems such as the difficulty of in-depth inspection of application layer protocol messages, and achieve the effects of simplifying security management complexity, eliminating conflicts, and simplifying complexity

Inactive Publication Date: 2011-01-19
NANJING UNIV OF INFORMATION SCI & TECH
View PDF3 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the method of interception and inspection in connection and the difficulty of in-depth inspection of application layer protocol packets, it is difficult for the firewall to make correct judgments on the potential threats to terminals in the protected network from data or programs transmitted through application protocol packets. Filtration

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Distributed security domain logic boundary protection method
  • Distributed security domain logic boundary protection method
  • Distributed security domain logic boundary protection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] like figure 1 and 3 As shown, the distributed security domain logic boundary protection technology includes the following steps:

[0026] Step 1: Create a unified security domain management strategy, which mainly includes: creating an information asset identification library, that is, information assets to be protected, identifying their security management attributes according to security management objectives; dividing security domains according to different information asset security attributes, and Set user roles for each security domain, formulate role permissions to associate information assets with role permissions; formulate role mapping strategies for different security domains according to security management objectives, and realize access to information assets across security domains;

[0027] Step 2: Create a security domain management policy server, which provides a user management man-machine interface and is responsible for storing, maintaining and manag...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a distributed security domain logic boundary protection method, comprising the following steps: establishing a unified security domain management strategy; establishing a security domain management strategy server; establishing a security domain user identity authentication server; monitoring a system state and establishing a journal auditing server; realizing positioning of security domain boundary protection probes positioned on different operation system platforms. Base on a security domain boundary control mechanism realized by a distributed architecture technique,the method of the invention realizes checking and controlling whether the flow direction of the information asset spans the security domain or not, and whether the behavior of the information asset causes threat to other security domains or not, thus expanding the security domain protection into the security domain logic boundary from a physical boundary, and realizing deep security monitoring and fine-grained security protection of the information asset on an application layer.

Description

technical field [0001] The present invention relates to a distributed security domain logical boundary protection technology, which realizes the logical boundary division of the security domain based on a unified security domain management strategy, and installs security domain logical boundary protection on hosts located in the security domain based on a distributed architecture Probes to monitor the generation, use, and transmission of various information assets by users in the security domain. At the same time, the security event information generated by each probe generates the overall security situation judgment of the security domain and the tracking and auditing of security events, so as to realize the logical boundary protection of the security domain that meets the security management objectives. Background technique [0002] In traditional security systems, boundary protection is implemented by network firewalls. The use of new network infrastructure (such as wire...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/24
Inventor 傅德胜周舒韩进
Owner NANJING UNIV OF INFORMATION SCI & TECH