| 一种基于域内的访问控制策略提炼模型及其实现 |
| |
| 引用本文: | 曾旷怡,张金祥,杨家海.一种基于域内的访问控制策略提炼模型及其实现[J].计算机工程,2006,32(11):136-137,140. |
| |
| 作者姓名: | 曾旷怡 张金祥 杨家海 |
| |
| 作者单位: | 清华大学信息网络工程研究中心,北京,100084;清华大学信息网络工程研究中心,北京,100084;清华大学信息网络工程研究中心,北京,100084 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 以CERNET的管理为应用背景,从分析策略管理系统的关键技术和难点问题入手,提出了一种新的策略提炼模型。其原理是利用ACL的特性,将不同策略语言表示的策略映射到ACL,再分发给不同的网络设备运行。该方案简化了传统策略提炼过程中复杂的转换逻辑问题,使基于域内的安全和访问控制管理完全实现自动化。
|
| 关 键 词: | 基于策略的网络管理 策略提炼 访问控制列表 |
| 文章编号: | 1000-3428(2006)11-0136-02 |
| 收稿时间: | 2005-08-08 |
| 修稿时间: | 2005-08-08 |
A Model Based on Domain for Access Control Policy Refinement and Its Implementation |
| |
| ZENG Kuangyi,ZHANG Jinxiang,YANG Jiahai.A Model Based on Domain for Access Control Policy Refinement and Its Implementation[J].Computer Engineering,2006,32(11):136-137,140. |
| |
| Authors: | ZENG Kuangyi ZHANG Jinxiang YANG Jiahai |
| |
| Affiliation: | Information Network Engineering Research Center. Tsinghua University, Beijing 100084 |
| |
| Abstract: | A new model for policy refinement is presented at the application background of CERNET.Using the properties of access control list(ACL) in this model,the policies described in different specification languages are mapped into access control lists,which are distributed to different network devices to enforce.Thus,the complex transformation logic in traditional policy refinement fashion is simplified,especially,security and access control configuration management can be automated |
| |
| Keywords: | Policy based network management Policy refinement Access control list(ACL) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
