基于分层网络系统模型的多层策略生成和表示

策略编写和表示是策略研究的基础。当前策略编写多直接面向设备和技术，过于依赖管理员的知识和经验，而忽视了应用环境对策略制定的要求和影响，造成策略编写不完备、易出错。为解决这一问题，设计了分层网络安全系统模型，提出从系统建模的角度讨论策略生成和表示，使得策略制定不再局限于单台设备或某种安全功能，而是建立在了解整个网络系统安全需求的基础上，一定程度上实现了策略的自动生成，保证了策略制定的正确性和完整性，降低了管理员负担，减小了出错的可能。然后通过提炼策略基本属性，设计了基于网络安全系统模型的多层安全策略表示方法，并采用BNF范式描述了策略语法规范，策略表示更加友好，操作性更强。

Multi-level policy generation and representation based on hierarchy network system model

Policy establishment and representation is the base of the policy research.Nowadays,device and technology oriented policy making excessively depends on the knowledge and the experiences, but ignores the requirement and the effect of the application environment.So the policy making is no integrity and liable to make a mistake.To solve the problem,hierarchy network security system model is designed,and the policy making and representation is proposed based on the system modeling,which make the policy making is not limited by the single device and the only one security function.Upon the method,the policy auto making is implemented to some degree and the correctness and the integrity are insured, which decrease the burden of the manager,and the possibilities of the mistaking.According to the refinement of the policy basic attributes,Multi -level policy representation method based on requirement-driven network system model is promoted.Using the BNF normal form to describe the policy grammar specification, policy representation is friendlier and more operable.