Transition consistency verification method of computer network defending strategy

A verification method for computer networks, applied in the field of computer network security. It addresses problems such as the inability to locate errors, inaccurate consistency judgments and logical errors, achieving accurate analysis and localization and improving verification efficiency.

Inactive Publication Date: 2013-05-22
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

[0004] (2) At present, the consistency detection model based on colored Petri nets can only verify whether the system has logical errors; it cannot locate the cause of an error. Moreover, the state explosion problem of colored Petri nets limits the network size that it can ver...


Examples


Embodiment Construction

[0028] The invention uses SMT-based satisfiability solving to model both the strategies and the measures in computer network defense, and then verifies the consistency of the two. If the resulting formula is satisfiable, there is an inconsistency between the strategy and the measure. A counterexample can be obtained using the derivation rules, and the position, type and reason of the inconsistency can be obtained through further analysis.

[0029] 1. Automaton description

[0030] Based on the conceptual model of consistency analysis for computer network defense strategy transformation given earlier, an automaton model of that analysis is constructed. The state transition function of the automaton model is derived from the activities in the conceptual model. Each state is composed of all the values of the entity concepts at a certain moment. The model is represented...


Abstract

Disclosed is a transition consistency verification method for a computer network defending (CND) strategy. The steps are as follows: (1) strategy preprocessing is carried out first: the input strategy description files and topology description files are parsed by a lexical analyzer and a grammar analyzer generated with the lex (lexical analyzer)/yacc (yet another compiler compiler) tools, the data packet range of each kind of processing action is obtained, and the corresponding subject and object are elaborated; (2) measure preprocessing is then carried out: the input measure description files are parsed by the lexical analyzer and the grammar analyzer generated with the lex/yacc tools to determine the protection domain managed by each device, irrelevant configuration rules are removed, and the data packet range processed by each rule's action is extracted; (3) the data packet ranges of each kind of action are formed into logical expressions that correspond to the related security devices. The expressions are solved with Yices, a propositional-logic satisfiability decision tool; all data packet ranges are traversed to detect whether the measures are redundant or deficient.
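The check in step (3), as an added example that is not code from the patent: it asks whether "policy AND NOT measure" (deficiency) or "measure AND NOT policy" (redundancy) is non-empty and returns one concrete packet as the counterexample. It uses plain interval (box) subtraction in Python in place of Yices; the integer host encoding, the first-match default-deny device semantics and all names are assumptions.

```python
# Added illustration; names and the integer host encoding are assumptions.
FIELDS = ("src", "dst", "dport")

def subtract(a, b):
    """Boxes covering a minus b; a box is one (lo, hi) pair per field."""
    if any(al > bh or ah < bl for (al, ah), (bl, bh) in zip(a, b)):
        return [a]                      # disjoint: nothing to cut away
    out, rest = [], list(a)
    for i, ((al, ah), (bl, bh)) in enumerate(zip(a, b)):
        if al < bl:                     # slice of a below b on this field
            out.append(tuple(rest[:i] + [(al, bl - 1)] + rest[i + 1:]))
        if ah > bh:                     # slice of a above b on this field
            out.append(tuple(rest[:i] + [(bh + 1, ah)] + rest[i + 1:]))
        rest[i] = (max(al, bl), min(ah, bh))
    return out

def minus(boxes, cut):
    """Union of boxes with every box in cut removed."""
    for c in cut:
        boxes = [piece for b in boxes for piece in subtract(b, c)]
    return boxes

def permitted(rules):
    """Packet range a device really permits: first match wins, default deny."""
    seen, allow = [], []
    for action, box in rules:
        if action == "permit":
            allow += minus([box], seen)  # earlier rules shadow this one
        seen.append(box)
    return allow

def witness(boxes):
    """One concrete packet from the range (the counterexample), or None."""
    return dict(zip(FIELDS, (lo for lo, _ in boxes[0]))) if boxes else None

def check(policy_permit, rules):
    measure = permitted(rules)
    return {"deficiency": witness(minus(policy_permit, measure)),  # policy AND NOT measure
            "redundancy": witness(minus(measure, policy_permit))}  # measure AND NOT policy

# Constructed sample: hosts 10..20 may reach server 100 on ports 80 and 443.
POLICY = [((10, 20), (100, 100), (80, 80)), ((10, 20), (100, 100), (443, 443))]
RULES = [("deny",   ((15, 15), (100, 100), (80, 80))),
         ("permit", ((10, 20), (100, 100), (80, 80))),
         ("permit", ((10, 20), (100, 100), (22, 22)))]

if __name__ == "__main__":
    print(check(POLICY, RULES))
```

The returned packet shows where the inconsistency sits: the deny rule for host 15 shadows part of the policy's port-80 range, and the port-22 permit has no policy behind it.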

Description

Technical field

[0001] The invention belongs to the technical field of computer network security. Specifically, it is a method for verifying the consistency between high-level strategies and low-level device measures in computer network defense, and it extends the idea of consistency analysis from firewall rules to the computer network defense strategy environment.

Background technique

[0002] A computer network defense strategy is the set of rules by which computer network and information systems choose defense measures under certain conditions in order to achieve specific security goals. With the increasing frequency of attacks on large-scale networks and information systems, research on network security has entered the stage of dynamic defense. Policies have always played an important role in the management of security devices, influencing and guiding the configuration of security measures. Usually, policies are abstract cognitions based on human thinking and cannot...


Application Information

IPC(8): G06F17/50, G06F21/55
Inventor: 夏春和, 罗杨, 魏昭, 邱雪, 梁晓艳
Owner BEIHANG UNIV