Title :
Research on computer network defense policy conflict detection
Author :
Chao Yuan ; Xiaoyan Liang ; Yang Bo ; Chunhe Xia
Author_Institution :
State Key Lab. of Virtual Reality Technol. & Syst., Beihang Univ., Beijing, China
Date :
Oct. 30 2012-Nov. 2 2012
Abstract :
Policy is an essential part of computer network defense, which also has an important guidance effect in the deployment, implementation, and configuration of the defense system. Thus, the possibility of conflicts existing in defense policies is becoming more and more crucial for ensuring the security of policies themselves. In this paper, we use a computer network defense policy specification language called CNDPSL, according to a model called CNDPM, to describe computer network defense policies, which can provide a uniform method of specifying policies of protection, detection and response. First, this article analyses conflicts existing in defense policies and shows the classification of these conflicts. Then, it gives a computer network defense policy detection model. Finally, this article shows a prototype system of computer network defense policy conflict detection, and validates the effectiveness of the prototype system with experiments.
Keywords :
computer network security; pattern classification; specification languages; CNDPM; CNDPSL; computer network defense policy conflict detection; computer network defense policy specification language; conflict classification; defense system; Computational modeling; Computer networks; Context; Organizations; Prototypes; Security; Semantics; computer network defense; conflict detection; defense policy; detection model; policy conflict;
Conference_Title :
Information and Communication Technologies (WICT), 2012 World Congress on
Conference_Location :
Trivandrum
Print_ISBN :
978-1-4673-4806-5
DOI :
10.1109/WICT.2012.6409256