The Research And Implementation Of Policy Refinement And Decision Making Mechanism Based On Security Level

With the constant development and popularization of Internet, Network security problems have become increasingly prominent. Policy-based network security protection is the main development direction of current network security technology. However, the security policy refinement has never been satisfactorily resolved. So far, much research on policy refinement still focuses on the discussions about KAOS (Knowledge Acquisition in Automated Specification) goal refinement and entity refinement methods. But all of these methods lack mechanism which could make decision for a variety of policy refinement ways on same policy layer.Aimed at the decision making problem in policy refinement, considers both vertical process of policy refinement and horizontal process of decision making on the basis of policy hierarchy theory, brings the policy security level, which is the clue of the decision making, into the process of policy refinement, designed a mechanism for policy refinement and decision making based on security level. Analyzed the KAOS goal refinement and entity refinement, and discussed the operation and implementation of the policy refinement and decision making based on security level. Provides exact and flexible policy refinement and decision making mechanism in the range of security level which the system permits, greatly supports the security policy automatic execution and implementation in the research on policy-based security defense.In the real application environment of online marking system, analyzed all the security problems that may be faced with and the overall security needs, made a comprehensive network security protection scheme, and used XML (Extensible Markup Language) to describe the security policy of all layers. Analyzed the relationship of the security level between system and policy, specify the concrete process of policy refinement and decision making based on security level. Provide examples for the transform from abstract security goal to concrete policy rules.The implementation in the online marking system demonstrates that, the mechanism of policy refinement and decision making could goodly used into concrete network security protection. Keeps overall security of the system, and improves the flexibility of the network security management...