Research On The Framework Of Computer Security Status Inspection System

In the situation that security issues are getting more serious and the types of computer security threats tend to be more complex, a single specific field of information security products can no longer provide effective and comprehensive protection for computers and networks. Currently available computer security integrated control systems, which are based on Trusted Network Connect Architecture, have been capable of integrating various security products. However, most of these systems lack the flexibility of configuring the system and the specifically defined rule engine workflow model, thus creates a limitation to the new computer threats analysis, extensibility and compatibility of other security products. Therefore, the creation of a configurable rule-based framework for computer inspection system is necessary.In this situation, this paper proposes to solve these problems with the framework of computer security status inspection system based on finite state automaton. The work flow of computer security status inspection is configurable according to requirements. The framework is able to assess the security status of the computer system and perform network quarantine. All these features make the inspection system compatible to network environment properly with its flexibility.First, we analyzed the computer system risks and classify them, refined the risk catalog into a subset that can be handled by the framework, which is the initial input of design. We also initially defined the features of the framework, which are the start point of analysis and design.Then, we performed the requirements analysis using use case technique. The realization of use cases was modeled through class diagrams and sequence diagrams, and operations of classes were defined precisely based on the finite state automaton. Comparing to the normal method, the use case modeling combined with the finite state automaton based description has better consistency and unambiguity.After that, we designed the framework from multi-dimensional views, including hierarchical view, static logical view, dynamic logical view, process view, and deployment view. During the design phase for the framework, it was taken into account that the framework will be used in different network environments. Therefore, the framework of computer security status inspection system is designed with Open-Close principle by applying the separation of core and component style. The framework could work well in different network environments with good compatibility and flexibility based on the user realization of application components. In addition, in order to ensure the readability of data and the convenience of migration, the XML format file was chosen for the framework data storage.Finally, the function test and the stress test were performed on the framework. We have applied the framework in a real product. It showed that the framework can improve the compatibility of the inspection system, and enhance the efficiency of the inspection system development. It also proved that the framework is capable to meet common organizational needs.