| 可重构安全系统建模与配置生成方法研究 |
| |
| 引用本文: | 肖玮,陈性元,杜学绘,李海玉,陈宇涵.可重构安全系统建模与配置生成方法研究[J].软件学报,2018,29(12):3635-3647. |
| |
| 作者姓名: | 肖玮 陈性元 杜学绘 李海玉 陈宇涵 |
| |
| 作者单位: | 解放军信息工程大学 密码工程学院, 河南 郑州 450000;空军航空大学 基础部, 吉林 长春 130022,解放军信息工程大学 密码工程学院, 河南 郑州 450000,解放军信息工程大学 密码工程学院, 河南 郑州 450000,空军航空大学 基础部, 吉林 长春 130022,解放军信息工程大学 密码工程学院, 河南 郑州 450000 |
| |
| 基金项目: | 国家高技术研究发展计划(863)(2012AA012704);国家自然科学基金(61502531) |
| |
| 摘 要: | 以安全重构元为基础,能够提供高灵活性、适应性和可扩展性安全服务的可重构安全计算系统已成为当前安全研究领域的热点问题.目前,关于重构机理的研究主要采取基于功能候选集的静态重构配置生成方法,可重构安全系统作为一种主动安全防御手段,应具有动态自动重构的能力,避免人工介入导致的脆弱性.针对动态自动可重构安全系统的建模以及配置生成过程的描述问题,提出了一种基于直觉主义逻辑扩展的动态自动可重构安全系统逻辑模型SSPE,给出了逻辑模型SSPE上的语法和推理规则,设计了基于SSPE的等级化安全重构元和安全需求建模和表达方法,并给出了基于映射关系的安全重构元描述向逻辑语言的转换规则.最后,以IPSec协议为例,阐述了可重构安全系统重构配置的动态自动推理生成过程.基于直觉主义逻辑的可重构安全系统建模和配置生成方法,为研究可重构安全系统的重构机理提供了新的思路和方法,具有重要的意义.
|
| 关 键 词: | 可重构安全系统 直觉主义逻辑 安全重构元 重构机理 |
| 收稿时间: | 2015/12/7 0:00:00 |
| 修稿时间: | 2017/2/6 0:00:00 |
Research on Reconfigurable Security System Modeling and Configuration Generation |
| |
| XIAO Wei,CHEN Xing-Yuan,DU Xue-Hui,LI Hai-Yu and CHEN Yu-Han.Research on Reconfigurable Security System Modeling and Configuration Generation[J].Journal of Software,2018,29(12):3635-3647. |
| |
| Authors: | XIAO Wei CHEN Xing-Yuan DU Xue-Hui LI Hai-Yu and CHEN Yu-Han |
| |
| Affiliation: | Cryptography Engineering College, The PLA Information Engineering University, Zhengzhou 450000, China;Department of Foundation, Aviation University of Air Force, Changchun 130022, China,Cryptography Engineering College, The PLA Information Engineering University, Zhengzhou 450000, China,Cryptography Engineering College, The PLA Information Engineering University, Zhengzhou 450000, China,Department of Foundation, Aviation University of Air Force, Changchun 130022, China and Cryptography Engineering College, The PLA Information Engineering University, Zhengzhou 450000, China |
| |
| Abstract: | Reconfigurable security system with high flexibility, adaptability and scalability is a hot issue in the field of security research. At present, research on the reconfiguration mechanism is mainly based on the static reconfiguration method. As an active security defense method, it should have the ability of dynamic automatic reconfiguration. In order to solve the problem of modeling and describing dynamic and automatic reconfigurable security system, this paper proposes a new model, SSPE based on intuitionistic logic, and presents its syntax and inference rules. The transformation rules from the specification of security reconfigurable component to SSPE logic expressions are obtained by the method of mapping relationship. In the end, the paper describes the reasoning and generating process of security system reconfiguration based on IPSec protocol. Modeling and expression method based on intuitionistic logic can provide new ideas and methods for the research of reconfigurable security system, which is of great significance. |
| |
| Keywords: | reconfigurable security system intuitionistic logic security reconfigurable component reconfiguration mechanism |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
