
Research On Key Technologies For Security Policy In The Distributed System Environment

Posted on: 2012-11-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Yang
GTID: 1118330335952030
Subject: Circuits and Systems

Abstract/Summary:
Distributed system security is one of the key areas of current information security research. In a distributed system, security policy is generally managed by separate, decentralized applications. Because of the diversity and complexity of the policies, this arrangement cannot meet the requirement for holistic, coordinated information security management. How to build an efficient, coordinated, unified security policy mechanism, and how to enhance the overall security management capability of the system, are important tasks for information systems. A number of key technologies of distributed system security policy were researched in this paper, including: distributed security policy framework and representation, distributed security policy generation method, distributed security policy scheduling and integration method, and distributed security policy implementation and management method.

The major works of this paper are listed below.

Firstly, drawing on the IETF policy framework and the COSO reference model, this paper presented a framework and a risk-based control model for distributed security policy. Key risk factors were quantified to identify the main risks and to achieve risk control. By defining the key elements of security policy, the paper presented an XML-based representation method for security policy. It described the security control process through the associated XML representation, making the security policy more universal, easier to understand and simpler in form.

Secondly, taking security policy generation in the IPSec environment as an example, the paper described its problems. By proposing a policy engine for the existing IPSec infrastructure, it improved security policy implementation. On this basis, machine learning theory was introduced into the IPSec policy generation method. An improved ID3 algorithm based on the importance factor λ of attributes was proposed, which improves the security policy generation method, distinguishes the importance of different attributes, and avoids the defect of the traditional ID3 algorithm of favoring attributes with more values. The method addresses the problem of how to automatically generate the corresponding security policy given the diversity of network security.

Thirdly, this paper presented a scheduling method based on a pretreatment device. It achieved dynamic scheduling pretreatment of service requests and raised the efficiency and appropriateness of task scheduling. The paper also presented an integration method for distributed security policy, which improved the centralization and integration of the system. By introducing an information integration module, it achieved unified and collaborative management of security policy services, interfaces and parameters, reduced the coupling between applications, and improved the maintainability and security of security policy management.

Finally, this paper presented a deployment method for centralized security policy. The security policies scattered across various applications were unified and managed centrally, raising the efficiency of centralized management and meeting the requirements of integrity and interoperability for security management in the current distributed environment. Through a case of security policy implementation, a centralized system security policy framework and functional structure were established to provide security policy implementation and recommendations.
Keywords/Search Tags: Security Policy, Distributed System, Security Model, Access Control, Security Management