A Method for Mapping Internet Security Control Policy Rules
A technology of security control and mapping method, applied in the field of network security, can solve the problems of free description of business rules, difficult to expand, and many business rules, achieve simple and effective management methods, and achieve the effect of expansion and reuse
Active Publication Date: 2020-07-24
BEIJING UNIV OF POSTS & TELECOMM
View PDF7 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, there are still some areas that need to be improved and optimized in the management of business rules at present, such as hard binding of business rules and system functions, numerous and complex business rules, free and inconsistent description of business rules
This management method will lead to a series of problems, such as difficult to configure, difficult to maintain, difficult to expand, difficult to customize, difficult to reuse, difficult to control and difficult to understand, etc.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0035] The present invention will be further described in detail below in conjunction with the accompanying drawings.
[0036] The invention discloses a method for mapping security control policy rules for internetwork interconnection. The security control policy discussed can be regarded as a business rule applied in the security field, and the security rule is the target rule corresponding to the security control policy. Define the security control policy through Backusian Form, lexical analysis, syntax analysis, semantic analysis and security rule paradigm matching to complete the conversion of security control policy to XML form of security rules, and finally use the security rule generator to generate an executable that matches the target service A command or code for a security rule.
[0037] The present invention adopts a layered architecture design, and divides the mapping process into three layers: a presentation layer, a mapping matching layer, and a rule generation ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The present invention discloses an internetwork interconnection safety control strategy rule mapping method, belonging to the field of network safety. The method comprises the steps of: completing mapping from a subnet name to a subnet network section in an object mapping database to perform strategy edition, and generating a safety control strategy after edition; reading the safety control strategy by a morphological analysis module, sending the safety control strategy to a grammatical analysis module to identify keywords, generating corresponding phrases to execute reading operation, fillingin corresponding nodes to generate corresponding concrete ASTs; mapping the subnet name to a network section value by the semantic analysis module to replace the content of the subnet name nodes in the concrete AST and generate an AST with semantics; converting the AST with semantics; to a safety rule in an XML form by a safety rule normal form matching module; and converting the safety rule in the XML form to executed rule codes or commands by a safety rule generator to complete mapping. The internetwork interconnection safety control strategy rule mapping method solve the problems that business workers are difficult to configure, maintain, control and understand for the rules and achieve a simple and effective management mode.
Description
technical field [0001] The invention belongs to the field of network security, and in particular relates to a method for mapping security control strategies and rules of Internet interconnection. Background technique [0002] The existing space-ground integrated network is shared by the military and civilians, but the network security domains are highly differentiated, making it difficult to control the security of interconnection between networks. It is an effective means to achieve fine-grained security protection and defense through the security control strategy of Internet interconnection. The Internet security control strategy is designed based on human cognition, risk assessment, and vulnerability analysis. The control strategy is specific to the rules that can be operated, and it is necessary to propose an effective and intelligent mapping method that automatically maps from the Internet security control strategy to the control rule. [0003] Various network service...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/20
Inventor 陆月明陈小雨罗雪婷
Owner BEIJING UNIV OF POSTS & TELECOMM