MeansConstraints: MeansConstraints means the time-series and logic relations between
defense means, including sequence and, sequence or, parallel and, parallel or. They are
shown as follows:
$R_{means} = \{ r_{seq\_and}, r_{seq\_or}, r_{concu\_and}, r_{concu\_or}, r_{xor} \}$
In brief, we assume that there are only two means in one composition policy goal,
$Means = \{ mean_1, mean_2 \}$. Each relation is explained separately as follows:
$r_{seq\_and}$: If $seq\_and(mean_1, mean_2)$, it denotes that $mean_1$ is executed
first. If the executing effect of $mean_1$ is true, $mean_2$ is executed. Only if
both means are successfully completed can we say the policy goal is completed
successfully.
$r_{seq\_or}$: If $seq\_or(mean_1, mean_2)$, it denotes that $mean_1$ is executed first. If
the executing effect of $mean_1$ is true, $mean_2$ does not need to be executed. If
the executing effect of $mean_1$ is false, $mean_2$ must be executed. Whether the
policy goal is completed successfully or not depends on the success of $mean_1$ or
$mean_2$.
$r_{concu\_and}$: If $concu\_and(mean_1, mean_2)$, it denotes that both $mean_1$ and $mean_2$
are executed at the same time. If the effects of $mean_1$ and $mean_2$ are true, we can
say that the policy goal is successfully accomplished.
$r_{concu\_or}$: If $concu\_or(mean_1, mean_2)$, it denotes that both $mean_1$ and $mean_2$
are executed at the same time. Only if there is a true executed effect between $mean_1$
and $mean_2$ can we say that the policy goal is successfully accomplished.
$r_{xor}$: If $xor(mean_1, mean_2)$, it denotes that there exists one executing means
between $mean_1$ and $mean_2$. Whether the policy goal is completed successfully
depends on the true effect of $mean_1$ or $mean_2$.
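The five relations differ in which means actually run as well as in how the goal's outcome is computed. The following added example (not from the original text) evaluates each relation over two means and records which ones were executed; the function `compose`, the `pick` parameter used for xor, and the two sample means are assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor

def compose(relation, mean1, mean2, pick=0):
    """Evaluate one composition policy goal over two defense means.

    mean1 and mean2 are callables returning True when their executing
    effect is true. Returns (goal_succeeded, executed_names).
    pick is an assumption (the text does not say how xor selects):
    0 executes mean1, 1 executes mean2.
    """
    executed = []

    def run(mean):
        executed.append(mean.__name__)
        return bool(mean())

    if relation == "seq_and":      # mean2 runs only if mean1 succeeded
        ok = run(mean1) and run(mean2)
    elif relation == "seq_or":     # mean2 runs only if mean1 failed
        ok = run(mean1) or run(mean2)
    elif relation in ("concu_and", "concu_or"):
        # Both means start together; neither result gates the other.
        executed.extend([mean1.__name__, mean2.__name__])
        with ThreadPoolExecutor(max_workers=2) as pool:
            effects = list(pool.map(lambda m: bool(m()), (mean1, mean2)))
        ok = all(effects) if relation == "concu_and" else any(effects)
    elif relation == "xor":        # exactly one of the two means is executed
        ok = run((mean1, mean2)[pick])
    else:
        raise ValueError(f"unknown relation: {relation}")
    return ok, executed

# Constructed sample means; real ones would drive a defense entity.
def block_at_firewall():
    return False   # constructed: the firewall action fails

def restore_from_backup():
    return True    # constructed: the backup server action succeeds

if __name__ == "__main__":
    for rel in ("seq_and", "seq_or", "concu_and", "concu_or", "xor"):
        print(rel, compose(rel, block_at_firewall, restore_from_backup))
```
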
ContextType: It is a set of contexts with common characteristics. It is divided into
two classes including vulnerability $ct_{vul}$ and event $ct_{event}$.
The meanings of the elements at the operational level are explained as follows:
SNode: It denotes a host node in which a user initiates an operation on a resource.
TNode: It denotes a host node in which the resource exists.
User: It denotes people who can initiate an operation.
Resource: It denotes an entity that needs protection, such as the instance of the data,
operating system, service, application program, and data.
Action: It denotes a change that cannot be subdivided, such as the actions of adding,
deleting, and changing corresponding to operating activity; the actions of sending,
receiving, requesting and replying corresponding to transferring activity.
DefenseEntity: It means a security device that can execute a defense action. It is
denoted by device number. Defense entities include firewall $de_{firewall}$, IPsec VPN
$de_{ipsec\_vpn}$, backup server $de_{backup\_server}$, system management server
$de_{sysmanage\_server}$, IDS $de_{intrudedetect}$, vulnerabilities scan server
$de_{vul\_server}$.