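Abstract
Security domain division is an important means of implementing classified protection of information security. Its purpose is to break network security problems down, decomposing a large, complex network system into region-level security protection problems so that protection can be applied in a targeted way, with priorities and distinctions. Because simple, one-time security domain division cannot adapt to increasingly complex network structures and ever-growing business requirements, a security domain division method based on attribute monitoring is proposed. First, a definition of the security domain is given, the basic constituent elements of a security domain are studied, and corresponding attribute value ranges are established to divide security domains. An attribute monitor is then introduced to comprehensively monitor the relevant attributes in the network, and the network is dynamically adjusted according to the attribute-change information that the monitoring feeds back. This controls the access relationships of subjects, within or between security domains, to network resources; ensures that access to important resources is secure, reliable and effective; and isolates security domains in which a network attack is about to occur, is in progress, or has already occurred, so that they can be hardened, effectively isolated, or assessed and remediated, preventing the attack from spreading further.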
Security domain classification is one of the important ways of protecting information security levels. Its purpose is to provide targeted security protection with emphasis and differentiation: by dividing security domains to stratify network security issues, the extensive, complex network structure is decomposed into domain-type security protection issues. Because of complex network structures and rising business demand, security domain classification no longer stays the same; it is a long-term dynamic process. This paper presents a method of adaptive domain classification based on attribute monitoring. Firstly, the definability of the security domain attribute is given. Secondly, a model of the monitor-and-respond cycle is established. Finally, an attribute monitor for security domains is designed which, via continuous monitoring of subject attributes, object attributes and network environment attributes and real-time data analysis, adaptively divides security domains.
Authors
HAN Qingde (韩清德)
XIE Hui (谢慧)
NIE Feng (聂峰)
Department of Information Security, Naval University of Engineering, Wuhan 430033; Division of Communication, China People's Armed Police Corps in Shandong Province, Jinan 250000
Source
Ship Electronic Engineering (《舰船电子工程》)
2016, Issue 10, pp. 90-95, 145 (7 pages in total)
Keywords
attribute monitoring, security domain division, adaptive