Fig. 6. The control platform results of the packet denying from attacker
6 Conclusions
The existing security policy refinement methods and models are not built on the
foundation of computer network defense. They can therefore support only the
refinement of access control policy, not the refinement of defense policy such as the
policies of IDS, backup, and recovery. For this reason, we proposed a method for
computer network defense policy refinement. This method extends the existing
security policy refinement model and supports the refinement of defense policy such
as protection, detection, response and recovery. We constructed a defense policy
refinement model and its formal description. Based on the policy refinement model,
we designed an algorithm for computer network defense policy refinement. We
conducted two experiments that verified the effectiveness of this method. Compared
with the other policy refinement methods in references [12-14], our method supports
not only the refinement of access control policy but also that of defense policy,
including protection (i.e., access control, user authentication, encrypted
communication, backup), detection (i.e., intrusion detection, vulnerability
detection), response (i.e., system rebooting, shutdown) and recovery (i.e., rebuild,
patch making).
Acknowledgment. This work is supported by the following funding sources: the
National Natural Science Foundation of China under Grant No. 61170295, the Project
of National Ministry under Grant No. A2120110006, the Co-Funding Project of
Beijing Municipal Education Commission under Grant No. JD100060630 and the
Project of BUAA Basal Research Fund under Grant No. YWF-11-03-Q-001.
References
1. Zeng, H., Ma, D.F., Li, Z.Q., Zhao, Y.W.: A Policy-Based Architecture for Web Services
Security Processing. In: 2012 IEEE Ninth International Conference on e-Business
Engineering (ICEBE), pp. 163-169. IEEE Press (September 2012),
doi:10.1109/ICEBE.2012.35
2. Loyall, J.P., Gillen, M., Paulos, A., et al.: Dynamic policy-driven quality of service in
service-oriented information management systems. Software-Practice & Experience 41(12),
1459-1489 (2010), doi:10.1109/ISORC.2010.13
3. Luo, X., Song, M., Song, J.: Research on service-oriented policy-driven IAAS
management. The Journal of China Universities of Posts and Telecommunications 18, 64-70
(2011), doi:10.1016/S1005-8885(10)60208-7
4. Moffett, J.D., Sloman, M.S.: Policy hierarchies for distributed systems management. IEEE
Journal on Selected Areas in Communications 11(9), 1404-1414 (1993),
doi:10.1109/49.257932