èŠ‚ç‚¹æ–‡çŒ®

ç½‘ç»œå®‰å…¨ç–ç•¥ç›‘æŽ§æ¨¡åž‹åŠå…³é”®æŠ€æœ¯ç ”ç©¶

Research of Network Security Policy Monitoring Model and Key Technologies

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ å½å†›ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ è§£æ”¾å†›ä¿¡æ¯å·¥ç¨‹å¤§å¦ ï¼Œ è®¡ç®—æœºåº”ç”¨æŠ€æœ¯ï¼Œ 2009ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ è¿‘å¹´æ¥,éšç€å®‰å…¨ç®¡ç†çš„å‘å±•,å®‰å…¨ç–ç•¥ç®¡ç†å·²æˆä¸ºç ”ç©¶çƒç‚¹ã€‚ç›®å‰,é’ˆå¯¹å®‰å…¨ç–ç•¥ç®¡ç†,ç ”ç©¶è¾ƒå¤šçš„åˆ™æ˜¯åœ¨ç–ç•¥ç»Ÿä¸€æè¿°ã€ç–ç•¥ç¿»è¯‘ä»¥åŠç–ç•¥å†²çªæ£€æµ‹ä¸Žæ¶ˆè§£ç‰æ–¹é¢ã€‚ç„¶è€Œ,éšç€ç ”ç©¶çš„æ·±å…¥,ä¹Ÿéœ€è¦å¯¹ç–ç•¥ç›‘æŽ§æŠ€æœ¯è¿›è¡Œç ”ç©¶,ä»¥äº†è§£ç–ç•¥åœ¨ç³»ç»Ÿä¸çš„é…ç½®æƒ…å†µä»¥åŠç–ç•¥ä¸‹å‘åˆ°è®¾å¤‡ä¹‹åŽçš„æ‰§è¡Œæƒ…å†µ,è¿›ä¸€æ¥ä¿è¯ç–ç•¥ç®¡ç†ç³»ç»Ÿçš„å¯é è¿è¡Œã€‚å› æ¤,ä½œä¸ºå®‰å…¨ç–ç•¥ç®¡ç†ç³»ç»Ÿçš„é‡è¦ç»„æˆéƒ¨åˆ†,ç–ç•¥ç›‘æŽ§æŠ€æœ¯æˆä¸ºäº†ç›®å‰ä¹ƒè‡³ä»ŠåŽä¸€æ®µæ—¶æœŸå†…ç–ç•¥ç®¡ç†å‘å±•çš„åˆä¸€é¡¹å‰æ²¿æŠ€æœ¯ã€‚æœ¬æ–‡é’ˆå¯¹ç–ç•¥ç›‘æŽ§æŠ€æœ¯æ¶‰åŠçš„ç›¸å…³å†…å®¹è¿›è¡Œäº†æ·±å…¥çš„åˆ†æžå’Œç ”ç©¶,ä¸»è¦çš„å·¥ä½œå¦‚ä¸‹:1.å¯¹ç–ç•¥çš„æ•´ä¸ªç”Ÿå‘½å‘¨æœŸä½œäº†åˆ†æžå’Œæ€»ç»“,æå‡ºäº†ç–ç•¥é…ç½®çŠ¶æ€ä¸Žç–ç•¥æ‰§è¡ŒçŠ¶æ€ä¸¤ä¸ªæ¦‚å¿µ,å¼•å…¥æœ‰é™çŠ¶æ€è‡ªåŠ¨æœºç†è®º,è¿ç”¨åˆ°ç–ç•¥çŠ¶æ€è½¬æ¢è¿‡ç¨‹ä¸,å»ºç«‹äº†ç–ç•¥ç›‘æŽ§æ¨¡åž‹,å¹¶è¿›ä¸€æ¥æ˜Žç¡®äº†ç–ç•¥ç›‘æŽ§çš„ç›®çš„å’Œä»»åŠ¡,å¥ å®šäº†å¯¹ç–ç•¥å…¨ç”Ÿå‘½å‘¨æœŸçš„ç”Ÿå˜çŠ¶æ€è¿›è¡Œç›‘æŽ§çš„ç†è®ºåŸºç¡€ã€‚2.é’ˆå¯¹ç–ç•¥ç›‘æŽ§æ¨¡åž‹,æå‡ºäº†åŸºäºŽæ¶ˆæ¯é€šé“çš„ç–ç•¥ç›‘æŽ§æœºåˆ¶â€”â€”åŸºäºŽåŒé˜Ÿåˆ—çš„ç»„ç»‡æœ‰æ•ˆé˜²æ¢äº†æ¶ˆæ¯ä¹±åº,å¹¶ä½¿ç”¨ç»Ÿä¸€çš„ç›‘æŽ§æ¶ˆæ¯æ ¼å¼å’Œæ¶ˆæ¯é€šé“è¿›è¡Œå°è£…å¹¶æŽ’é˜Ÿ,å±è”½äº†ä¸åŒç³»ç»Ÿè®¾å¤‡çš„æ•°æ®å·®å¼‚,èŽ·å–ç›‘æŽ§äº‹ä»¶æ•°æ®,æé«˜äº†ç›‘æŽ§çš„æ•ˆçŽ‡ã€‚3.é€šè¿‡å¯¹å®‰å…¨ç–ç•¥çš„ä¸¤é˜¶æ®µæ‰§è¡Œè¿‡ç¨‹çš„ç ”ç©¶,æå‡ºäº†åŸºäºŽåŒç‚¹æ£€æµ‹çš„ç–ç•¥æ‰§è¡Œç›‘æŽ§æ•°æ®é‡‡é›†æ–¹æ³•,å®žçŽ°äº†å¯¹ç–ç•¥æ‰§è¡ŒçŠ¶æ€æ•°æ®çš„æ•èŽ·;é’ˆå¯¹ç–ç•¥ç›‘æŽ§çš„è¿œç¨‹éœ€æ±‚,é‡‡ç”¨BEEPåè®®æ¡†æž¶è¿›è¡Œæ‰©å±•,è®¾è®¡äº†ç–ç•¥ç›‘æŽ§æ•°æ®ä¼ è¾“åè®®PMDTP(Policy Monitoring DataTransort Protocol),è§£å†³äº†ç–ç•¥ç›‘æŽ§æœºåˆ¶ä¸çš„ä¸¤ä¸ªå…³é”®æŠ€æœ¯ã€‚4.åŸºäºŽæœ¬æ–‡æå‡ºçš„ç–ç•¥ç›‘æŽ§æœºåˆ¶ä¸Žç›¸å…³æŠ€æœ¯æ–¹æ³•,å¯¹ç–ç•¥ç›‘æŽ§çš„åŽŸåž‹ç³»ç»Ÿè¿›è¡Œäº†è®¾è®¡å®žçŽ°ã€‚ç»¼ä¸Šæ‰€è¿°,æœ¬æ–‡è®¾è®¡äº†åŸºäºŽMealyè‡ªåŠ¨æœºçš„ç–ç•¥ç›‘æŽ§æ¨¡åž‹ä»¥åŠåŸºäºŽæ¶ˆæ¯é€šé“çš„ç–ç•¥ç›‘æŽ§æœºåˆ¶,å¹¶è§£å†³äº†å…¶ä¸æ¶‰åŠçš„å…³é”®æŠ€æœ¯,ä¸€æ–¹é¢ä¸ºç–ç•¥ç›‘æŽ§å‰æ²¿æŠ€æœ¯çš„ç ”ç©¶å¥ å®šäº†ç†è®ºåŸºç¡€,å¦ä¸€æ–¹é¢,ä¸ºæž„å»ºä¸€ä½“åŒ–çš„å®‰å…¨ç–ç•¥ç®¡ç†ç³»ç»Ÿæä¾›äº†æœ‰ç›Šçš„æŠ€æœ¯æ”¯æŒã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the development of the security management, security policy management becomes a hotspot in the research of imformation security. Otherwise, few people concerned the research of the policy monitoring technology, which is one of the most important components in the policy management that guarantee the whole security of the system.The monitoring technology has been wildly used in the network management and the resourse management. Therefore, the policy monitoring technology will be a hotspot of the policy research in the future.In this paper, we study the policy and the content interralated of network security devices to solve the policy monitoring problem. The main works of this paper are as follows:1. Propose the states translation theory in the whole life of the policy. Build a policy monitoring model based on the FSA. According to the policy lifecycle and the FSA theory, we build the policy states translation model, which provides us the academic guidance for the study.2. Design the common monitoring message channel for the phase of policy monitoring which can be used for the capture of the monitoring events. Then the policy states can be changed or the illegal events would be alarmed to the manager.3. Propose a double spots detection mechanism for the policy working states monitoring for the acquisition of the policy enforment data; and a transport protocol is designed for the monitoring data transporting based on BEEP, which settled the teledataâ€™s transportting to the policy monitoring platform.4. Based on the research above, we design and implement the policy monitoring prototype system PMS.Policy monitoring technology is a new field in the policy theory. According to the need of the project, we study on the policy monitoring in the policy management system, which provide theoretical and technical supports for constructing security environment.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ ç–ç•¥ç›‘æŽ§ï¼› ç–ç•¥çŠ¶æ€ï¼› è‡ªåŠ¨æœºï¼› æ¶ˆæ¯é€šé“ï¼› æ¶ˆæ¯ä¹±åºé¢„é˜²ï¼› åŒç‚¹æ£€æµ‹ï¼› ç–ç•¥ç›‘æŽ§æ•°æ®ä¼ è¾“åè®®ï¼›
ã€Key wordsã€‘ Policy Monitoringï¼› Policy Stateï¼› Finit State Automataï¼› Message Channelï¼› Message Confilict preventingï¼› Double Spots Dectectionï¼› Policy Monitoring Data Transport Protocolï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ è§£æ”¾å†›ä¿¡æ¯å·¥ç¨‹å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘2
ã€ä¸‹è½½é¢‘æ¬¡ã€‘166
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

ç½‘ç»œå®‰å…¨ç­–ç•¥ç›‘æŽ§æ¨¡åž‹åŠå…³é”®æŠ€æœ¯ç ”ç©¶

Research of Network Security Policy Monitoring Model and Key Technologies

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

ç½‘ç»œå®‰å…¨ç–ç•¥ç›‘æŽ§æ¨¡åž‹åŠå…³é”®æŠ€æœ¯ç ”ç©¶