Research On Technology Of Policy Conflict Detection And Resolution For Classified Information System

With the development of classified security protection of information system, interconnection, intercommunication and interoperation among different information systems are becoming the central and difficult issue. Therefore, research on how to ensure the consistency of security policy in classified information system is a critical issue and urgently needed.This paper explores deeply into technologies of security policy conflict detection and resolution for classified information systems. The main work is as follows:1. The formal description of security policy in classified information system is expressed. Aiming at resolving the diversity of security policy description in classified information system, this paper formally expresses the security policy in classified information system, through describing the key element of security policy clearly and accurately. The formalization can resolve the flexibility and expansibility of security policy description, and lays a consistent syntax foundation for security policy conflict detection and resolution oriented to classified security protection.2. A security policy ontology for classified information systems is constructed. Focused on the problem of semantic isomerism of security policy among classified information systems, this paper constructs security policy ontology for classified information system. The ontology can clarify the knowledge structure of security policy, providing a consistent semantic foundation for security policy conflict detection and resolution oriented to classified security protection.3. Based on rules inference, an algorithm for security policy conflict detection is proposed. Focused on the problems occurred when applying existing security policy conflict detection technologies to the classified information system, this paper defines and classifies security policy conflict in classified information system, makes conflict detection rules based on policy ontology for each kind of policy conflicts, and presents the security policy conflict detection algorithm based on rules inference. The experimental results show that this algorithm can effectively detect all kinds of security policy conflicts in classified information system.4. Based on rules modification, an algorithm for security policy conflict resolution is proposed. Aiming at resolving the problem of the existing technologies'lacking of flexibility and validity, this paper proposes a rule modification based security policy conflict resolution algorithm, through defining five security policy rules modification algorithms and making conflict resolution rules based on security policy ontology for each kind of policy conflicts. The experimental results show that the algorithm can automatically resolve security policy conflicts and has high flexibility. On the one hand, the above work establishes the theoretical foundation for security policy of classified information system. On the other hand, through accomplishing the above work, the safe running of classified information systems can be guaranteed.