A Policy Description Language Based On XML And Its Application

Along with the penetration of computer networks to various fields of the community, more and more research focuses on the network security, and policy-based security management is a hot issue in this area. Policy description language, which is one of the core parts of the policy-based security management system, is still lack of a common standard. The study on a universal policy description language standard, and use it as a basis of the research on the application of policy-based security management system, is of great realistic significance to the research of network security.Based on the analysis of the key technologies of policy-based security management, integrate the requirement of policy description language and the advantage of XML (Extensible Markup Language), bring a policy description language standard based on XML named XBPL(XML-Based Policy description Language). Take the availability and flexibility of policy, the consistency of description as the principle, design the overall architecture of XBPL, define its basic elements, expound the function and grammar of the three basic security policy and three composite security policy, and discuss the implementation of the exception handling.Based on the particular definition of XBPL, through the analysis of the operation processes and the security requirements of the network exam-paper marking system, introduce the policy-based security management technologies and XBPL into the network exam-paper marking system. Design a distributed multi-level security management architecture, and effectively raise the dynamic ability to adjust security subsystem. Based on this architecture, use XBPL to describe the entities of the system and their security requirements, use the authorization policy to achieve safe access control, use the obligation policy to achieve the definition of the duty of the users, use the authentication policy to achieve the certification of the users. The application of XBPL in the network exam-paper marking system shows that the policy-based security management technologies can meet the security requirements of the network exam-paper marking system, in addition to ensuring the safety of the system, it also has good flexibility, and it has very good promotional value.