首页 | 本学科首页   官方微博 | 高级检索  
     

计算机网络的一实体安全体系结构
引用本文:段海新,吴建平.计算机网络的一实体安全体系结构[J].计算机学报,2001,24(8):853-859.
作者姓名:段海新  吴建平
作者单位:清华大学信息网络工程研究中心
摘    要:提出了计算机网络的一种实体安全体系结构(ESA)。文中描述了计算机网络的组成实体,并讨论了各实体的安全功能分配。基于ESA,提出了基于政策的安全管理(PBSM)的概念,其中包括三层安全政策的定义:组织抽象安全政策、全局自动完全政策、局部可执行安全政策,并提出了PBSM的三个管理环节:制定、实施与验证,把网络作为一个整体来管理,实现安全管理的系统化和自动化。应用实体安全体系结构,分析了现有网络安全服务的不足和安全管理中存在的问题,指出了实现ESA的进一步研究工作。

关 键 词:计算机网络  安全体系结构  安全政策  防火墙
修稿时间:1999年12月12

An Entity Security Architecture for Computer Networks
DUAN Hai,Xin,WU Jian,Ping.An Entity Security Architecture for Computer Networks[J].Chinese Journal of Computers,2001,24(8):853-859.
Authors:DUAN Hai  Xin  WU Jian  Ping
Abstract:An entity security architecture (ESA) is proposed in this paper for computer networks, from the view of its entity components. The composite entities are described, as well as their allocation of security function for each kind of entity. Based on ESA, the idea of Policy Based Security Management (PBSM) is proposed, in which three level of security policy is defined, that is, Organizational Abstract Security Policy, Global Automatic Security Policy and Local Executable Security Policy. Three phases, the definition and creation, enforcement, and verification of security policy, are presented to achieve PBSM. Applying ESA to current networks, some deficiencies in security services provided and some problems in security management are analyzed. Finally, some further research work is pointed out which must be deployed to implement ESA.
Keywords:computer networks  security architecture    security policy  security management  policy based security management
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号