Ponder Language Research And The Application In Firewall Policy Management

The core of policy-based management is policy-driven management processes. So it is an explicit and precise specification, and the applicable policy-described language is a key object studied in the area of policy management. The objective of this thesis is to study security policies by starting from policy languages, a top layer of security policies in the background of complicated network security, high degree of difficult protection, and uncompleted unique standards; and try to make security policies be realized completely and precisely; meet the requirements of network security continuously; and provide an evidence for the solution and implementation of network security.This thesis begins with the general concepts of policy languages and frequently used descriptive languages, and then focuses on the analysis of basic policies and combined policies of Ponder language. The thesis analyses their advantages and disadvantages of the policies from three different aspects. At the final, the conclusion is given that the Ponder policy language, which is still in the stage of newly academic research currently, possesses strong expression, flexibility and extension, and it is suitable for security management policies, but it is insufficient in describing the policies for detection, response and recovery.The core of the thesis proposes the extension of Ponder and its application in Firewall system. There are two aspects in the extension of Ponder: the first is the improvement for the framework of original information model; the second is the further extension of configuration policies, policy of policy and self-adjusting policies, which enables the automatic protection and self renewing of policy management system in a better way. Meanwhile, the thesis discusses the application of Ponder in the policy management of Firewall system. First of all, the framework of Firewall policy management system based on Ponder is given; then Ponder is used to describe Firewall policy; finally the conclusion is drawn that Ponder is an object-oriented language that is suitable for security and management policies, and it can meet the requirements of Firewall systems in practice, improve the functionalities of Firewall system efficiently, and provide a solution of describing security policies for network security.In order to construct a solid network security . framework, we should also give a more extensive and further study into the key technology of the policy language architecture. This thesis proposes the tendency of the research in the future.