DefenseAction: It is an atomic defense action leading to state change. Defense
actions include permit action $da_{permit}$ and deny action $da_{deny}$ of firewall, the
permission encryption action $da_{permit\_crypt}$ of IPsec VPN, backup action $da_{backup}$ and
rebuild action $da_{rebuild}$ of backup server, user authentication action $da_{authenticate}$, making
patch action $da_{makepatch}$ and rebooting and shutdown action of system management
server, alerting action $da_{alert}$ of IDS, scan action $da_{vulscan}$ of vulnerability scan
server.
PolicyRelation: It denotes time series and logic relations among operational-level
policies including sequence and, sequence or, parallel and, parallel or. It is equivalent
to the means relation.
Context: It means a concrete environment in which we can deploy some means in a
domain, such as a concrete vulnerability (its vulnerability number is CVE-2002-0073)
or an intruding event (DoS attacking).
The refinement relations of elements between goal-level and operational-level are
defined as follows:
$R = \{RS, RU, RT, RR, RA, RDD, RC, RP\}$
$RS \subseteq Role \times Domain \times SNode$, representing refinement from role that belongs to
a domain of source node;
$RU \subseteq Role \times User$, representing refinement from the role of user;
$RT \subseteq Target \times Domain \times TNode$, representing refinement from target that belongs
to a domain of target node;
$RR \subseteq Target \times Resource$, representing refinement from target to resource;
$RA \subseteq Activity \times Action$, representing refinement from activity to action;
$RDD \subseteq Means \times DefenseAction \times DefenseEntity$, representing refinement from
defense means to defense action and defense entity;
$RC \subseteq ContextType \times Context$, representing refinement from context type to context;
$RP \subseteq MeansConstraints \times PolicyRelation$, representing refinement from
MeansConstraints to PolicyRelation. In this paper, PolicyRelation is equivalent to
MeansConstraints.
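An added example, not from the original text or its authors: treating RS, RT, RA, RDD and RC as tuple sets, one goal-level policy is refined by joining on its elements. The `refine` function, the goal's field names and all table entries are assumptions constructed for illustration; only the relation shapes, the `da_permit`/`da_vulscan` names and CVE-2002-0073 come from the text.

```python
from itertools import product

# Refinement relations as tuple sets. All entries are constructed sample data;
# only the relation shapes, the da_* names and CVE-2002-0073 come from the text.
RS = {("employee", "intranet", "192.0.2.10"),    # Role x Domain x SNode
      ("employee", "intranet", "192.0.2.11")}
RT = {("web_server", "dmz", "198.51.100.5")}     # Target x Domain x TNode
RA = {("web_access", "tcp/80"),                  # Activity x Action
      ("web_access", "tcp/443")}
RDD = {("access_control", "da_permit", "firewall"),  # Means x DefenseAction x DefenseEntity
       ("vuln_scanning", "da_vulscan", "vulnerability scan server")}
RC = {("vulnerability", "CVE-2002-0073")}        # ContextType x Context


def refine(goal):
    """Refine one goal-level policy into operational-level rules.

    goal keys (hypothetical layout): role, src_domain, target, dst_domain,
    activity, means, context_type. Raises LookupError when any element has
    no refinement, because a partially refined policy cannot be deployed.
    """
    parts = {
        "snode": {n for r, d, n in RS
                  if (r, d) == (goal["role"], goal["src_domain"])},
        "tnode": {n for t, d, n in RT
                  if (t, d) == (goal["target"], goal["dst_domain"])},
        "action": {a for act, a in RA if act == goal["activity"]},
        "defense": {(da, de) for m, da, de in RDD if m == goal["means"]},
        "context": {c for t, c in RC if t == goal["context_type"]},
    }
    missing = sorted(k for k, v in parts.items() if not v)
    if missing:
        raise LookupError("no refinement for: " + ", ".join(missing))
    # Every combination of refined elements becomes one operational rule.
    rules = []
    for s, t, a, (da, de), c in product(*(sorted(v) for v in parts.values())):
        rules.append({"entity": de, "defense_action": da, "snode": s,
                      "tnode": t, "action": a, "context": c})
    return rules


if __name__ == "__main__":
    sample = {"role": "employee", "src_domain": "intranet",
              "target": "web_server", "dst_domain": "dmz",
              "activity": "web_access", "means": "access_control",
              "context_type": "vulnerability"}
    for rule in refine(sample):
        print(rule)
```

One goal-level policy fans out into four firewall rules here (two source nodes times two actions), which is the point where rule counts grow and where a missing table entry has to stop refinement rather than silently yield fewer rules.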
4 The Algorithm of Computer Network Defense Policy Refinement
Based on our computer network defense policy refinement model, we first constructed
a defense policy refinement repository that includes network situation information and
refinement rules. Then, we designed a CND policy refinement algorithm combined
with the defense policy refinement repository.
1. Repository of CND policy refinement. The repository includes network situation
information and policy refinement rules, which are created in a MySQL database.
Network situation information includes domain information that divides the organization
and forms a hierarchical structure; it also includes nodes information that describes the