Network System Model-Based Multi-level Policy Generation and Representation

Device and technology oriented policy making excessively depends on the knowledge and experiences of managers, but ignores the requirements and effects of the application environment. So the policy making is incomplete and liable to make mistakes. To solve the problem, hierarchy network security system model is designed. Policy making and representation methods are proposed based on the system modeling, which make the policy making is not limited to a single device and the only one security function. Upon the method, the policy auto making is implemented, and the policy correctness and integrity are insured, which decrease the burden of the manager and the possibilities of mistaking. According to the refinement of the policy basic attributes, multi-level policy representation described in BNF (Backus-Naur Form) form is promoted, which makes policy representation friendlier and more operable.