###
Journal of Software:2018.29(12):3635-3647

可重构安全系统建模与配置生成方法研究
肖玮,陈性元,杜学绘,李海玉,陈宇涵
(解放军信息工程大学 密码工程学院, 河南 郑州 450000;空军航空大学 基础部, 吉林 长春 130022)
Research on Reconfigurable Security System Modeling and Configuration Generation
XIAO Wei,CHEN Xing-Yuan,DU Xue-Hui,LI Hai-Yu,CHEN Yu-Han
(Cryptography Engineering College, The PLA Information Engineering University, Zhengzhou 450000, China;Department of Foundation, Aviation University of Air Force, Changchun 130022, China)
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 389   Download 340
Received:December 07, 2015    Revised:February 06, 2017
> 中文摘要: 以安全重构元为基础,能够提供高灵活性、适应性和可扩展性安全服务的可重构安全计算系统已成为当前安全研究领域的热点问题.目前,关于重构机理的研究主要采取基于功能候选集的静态重构配置生成方法,可重构安全系统作为一种主动安全防御手段,应具有动态自动重构的能力,避免人工介入导致的脆弱性.针对动态自动可重构安全系统的建模以及配置生成过程的描述问题,提出了一种基于直觉主义逻辑扩展的动态自动可重构安全系统逻辑模型SSPE,给出了逻辑模型SSPE上的语法和推理规则,设计了基于SSPE的等级化安全重构元和安全需求建模和表达方法,并给出了基于映射关系的安全重构元描述向逻辑语言的转换规则.最后,以IPSec协议为例,阐述了可重构安全系统重构配置的动态自动推理生成过程.基于直觉主义逻辑的可重构安全系统建模和配置生成方法,为研究可重构安全系统的重构机理提供了新的思路和方法,具有重要的意义.
Abstract:Reconfigurable security system with high flexibility, adaptability and scalability is a hot issue in the field of security research. At present, research on the reconfiguration mechanism is mainly based on the static reconfiguration method. As an active security defense method, it should have the ability of dynamic automatic reconfiguration. In order to solve the problem of modeling and describing dynamic and automatic reconfigurable security system, this paper proposes a new model, SSPE based on intuitionistic logic, and presents its syntax and inference rules. The transformation rules from the specification of security reconfigurable component to SSPE logic expressions are obtained by the method of mapping relationship. In the end, the paper describes the reasoning and generating process of security system reconfiguration based on IPSec protocol. Modeling and expression method based on intuitionistic logic can provide new ideas and methods for the research of reconfigurable security system, which is of great significance.
文章编号:     中图分类号:    文献标志码:
基金项目:国家高技术研究发展计划(863)(2012AA012704);国家自然科学基金(61502531) 国家高技术研究发展计划(863)(2012AA012704);国家自然科学基金(61502531)
Foundation items:National High Technology Research and Development Program (863) (2012AA012704); National Natural ScienceFoundation of China (61502531)
Reference text:

肖玮,陈性元,杜学绘,李海玉,陈宇涵.可重构安全系统建模与配置生成方法研究.软件学报,2018,29(12):3635-3647

XIAO Wei,CHEN Xing-Yuan,DU Xue-Hui,LI Hai-Yu,CHEN Yu-Han.Research on Reconfigurable Security System Modeling and Configuration Generation.Journal of Software,2018,29(12):3635-3647