Research On Security Control Of Multi-domain Interconnection Based On Policies

The integrated space and ground information network has the characteristics of cross-network,cross-domain,and heterogeneous user group integration.There is a need for interconnection between multi-domain networks,and it also brings information security risks such as cross-network attacks and unauthorized access.The thesis conducts research on the interconnected security control in the integrated space and ground information network,combines with the policy-based network management model to design the interconnected security control system,resolves the conflict detection problem of security policies to improve deployment performance in large-scale policy scenarios.The main work carried out is as follows:(1)A unified security policy specification description method is proposed.Describe different types of security policies,and form different interconnected security control policies according to the differences in scenario scheduling.Combined with the security strategy management model,the security policy is applied to the inter-network interconnection security control system,and deployed to the security gateway to control the interconnection of multi-domain gateways.On the basis of the general technology-independent security policy management model,technology-related expansion is realized.(2)A policy conflict detection method based on B+tree is proposed.By dividing the attributes of the strategy,building a B+ tree index in each dimension,it can uniquely map each attribute value,quickly locate the scope of possible conflicts,improve the speed of conflict detection,and support the dynamic expansion of policy sets.In the case of a large number of security policies,conflicts can be detected quickly.(3)Design and implement the inter-network security control system.Apply the proposed policy-based network management model and policy conflict detection algorithm to the interconnection security control system,design and implement multiple functional modules such as interconnection security control,fine-grained management and control,security policy status monitoring,etc.Satisfies the interconnected security control requirements..Experimental results show that the designed security policy description specification can uniformly describe a variety of multi-domain network interconnection security control policies,and has good scalability.The policy conflict detection method based on B+tree has stable performance,can quickly and accurately detect the type of policy conflict,and can effectively prevent conflicts from occurring.The inter-network interconnection security control system can effectively manage the security gateway equipment and various interconnection security control policies.