
Rapid fine-grained multi-domain network interconnection security control method

A multi-domain network security control technology, applied in the field of fast and fine-grained multi-domain network interconnection security control. It addresses the problem that a security policy language cannot be applied directly to the gateway, and yields a configuration script that is concise and easy to understand, less error-prone, and a simplified configuration process.

Active Publication Date: 2019-06-14
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0006] Aiming at the problem that the security policy language cannot be directly applied to the high-throughput secure Internet gateway, the present invention proposes a fast and fine-grained multi-domain network interconnection security control method. It performs differentiated security control of inter-domain communication according to domains, security levels and ground-based network characteristics; it supports multi-domain network interconnection security control based on domains, services and characteristics; and it realizes the automatic mapping from security policies to security rules and the deployment of those rules.


Examples

[0126] Example: the tree structure designed for the whitelist in the script configured in step 1 is shown in Figure 6. The left side is a schematic diagram of the tree structure before the whitelist trees are merged; the right side is a schematic diagram of the tree structure after merging.

[0127] The merging process is as follows. First, merge the first and second trees: the root nodes are the same (both A), so they are merged; the second-layer nodes B and C differ, so both nodes are kept, and all subtrees of C are hung under the merged root. Then merge the last tree: its root is also A, so the roots merge; the second layer has the same node B, so B merges. The child node of B in the last tree is app2, while the child node of B in the merged result of the first two trees is app1; since app2 does not yet exist there, app2 from the last tree is merged under B. The final merged result is shown in Figure 6.
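The merge procedure described in [0126]-[0127], as an added example that is not the patent's own code. Each policy tree is a nested dict (node label to subtree, an empty dict marking a leaf); the labels follow the description (root A, second layer B and C, services app1/app2), and because the page does not reproduce Figure 6, the subtrees under C (app3, app4) are constructed here for illustration.

```python
# Added example (not the patent's own code): whitelist policy trees as nested
# dicts and the merge procedure from [0127]. Node labels follow the example:
# root = domain A, second layer = peer domains B and C, leaves = services.
# The subtrees under C (app3, app4) are constructed; Figure 6 is not on the page.

Tree = dict  # label -> subtree (an empty dict marks a leaf)


def merge_trees(left: Tree, right: Tree) -> Tree:
    """Return a new tree combining left and right.

    Nodes with the same label at the same layer are merged recursively
    (the roots A, then B under A); a label present in only one tree is kept,
    with its whole subtree hung under the merged parent.
    """
    # Deep-copy the left tree so callers' inputs are never mutated.
    merged = {label: merge_trees(children, {}) for label, children in left.items()}
    for label, children in right.items():
        if label in merged:
            merged[label] = merge_trees(merged[label], children)
        else:
            merged[label] = merge_trees(children, {})
    return merged


def merge_all(trees: list) -> Tree:
    """Fold the per-policy trees into one whitelist tree, left to right."""
    result: Tree = {}
    for tree in trees:
        result = merge_trees(result, tree)
    return result


def leaf_paths(tree: Tree, prefix: tuple = ()) -> list:
    """List every root-to-leaf path, i.e. every (domain, peer, service) the whitelist permits."""
    paths = []
    for label, children in tree.items():
        path = prefix + (label,)
        paths.extend(leaf_paths(children, path) if children else [path])
    return paths


# Constructed per-policy trees matching the description of Figure 6.
TREE_1 = {"A": {"B": {"app1": {}}}}
TREE_2 = {"A": {"C": {"app3": {}, "app4": {}}}}
TREE_3 = {"A": {"B": {"app2": {}}}}


def merged_whitelist() -> Tree:
    """Merge the three trees in the order the text describes."""
    return merge_all([TREE_1, TREE_2, TREE_3])


if __name__ == "__main__":
    for path in sorted(leaf_paths(merged_whitelist())):
        print(" -> ".join(path))
```

Merging is label-based at each layer, so the result is independent of the order in which policies are submitted; `leaf_paths` is the view a gateway actually needs, since each root-to-leaf path is one permitted (domain, peer domain, service) triple.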

[0128] Ste...

Embodiment

[0195] First, configure the security policy: define a policy script between domain A and domain B that restricts communication of the service app1, edit the policy script, and submit it in script form to the multi-domain interconnection security control management visualization system. The script is written as follows:

[0196] blacklist: {A-B, app1}

[0197] During this process, security policies are written and added. Each policy includes five parts, including the policy type, the policy XML document content, the policy name, and the policy function description.

[0198] Then, check the syntax of the security policy to ensure that it is well-formed. Combining multi-domain network semantics, translate the security policy into security rules: query whether domain A and domain B are defined in the database, query the user IPs in each domain and convert them into the corresponding source IP range and destination IP range of the security rules, and query the protocol type ra...
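The policy-to-rule translation of [0195]-[0198], as an added example that is not the patent's or the described system's own code: it syntax-checks the one-line script form shown above, looks up both domains and the service in a constructed stand-in for the database, and expands the policy into per-range rules. The seven-tuple layout used below (action, source range, destination range, protocol, source port, destination port, service) is an assumption; the page names only the source and destination IP ranges and the protocol type.

```python
import ipaddress
import re

# Added example (not the patent's or the system's own code). The rule layout
# (action, src_range, dst_range, protocol, src_port, dst_port, service) is an
# assumed seven-tuple; the page names only the IP ranges and protocol type.

# Constructed stand-ins for the domain database and the service catalogue.
DOMAIN_DB = {
    "A": ["10.1.0.0/24"],
    "B": ["10.2.0.0/24", "10.2.1.0/24"],
}
SERVICE_DB = {"app1": ("tcp", 8080)}

# Grammar for the script form on the page: "<type>: {<src>-<dst>, <service>}"
POLICY_RE = re.compile(r"^(whitelist|blacklist):\s*\{\s*(\w+)-(\w+)\s*,\s*(\w+)\s*\}$")


def is_valid_syntax(script: str) -> bool:
    """Syntax check from [0198]: only scripts matching the grammar are accepted."""
    return POLICY_RE.match(script.strip()) is not None


def parse_policy(script: str) -> dict:
    """Parse one policy line into its type, source domain, destination domain and service."""
    match = POLICY_RE.match(script.strip())
    if match is None:
        raise ValueError(f"policy script does not match the grammar: {script!r}")
    ptype, src, dst, service = match.groups()
    return {"type": ptype, "src_domain": src, "dst_domain": dst, "service": service}


def translate(policy: dict) -> list:
    """Map a parsed policy to security rules using the domain and service lookups."""
    for domain in (policy["src_domain"], policy["dst_domain"]):
        if domain not in DOMAIN_DB:
            raise LookupError(f"domain {domain} is not defined in the database")
    if policy["service"] not in SERVICE_DB:
        raise LookupError(f"service {policy['service']} is not defined")
    protocol, dst_port = SERVICE_DB[policy["service"]]
    action = "deny" if policy["type"] == "blacklist" else "permit"
    rules = []
    for src_range in DOMAIN_DB[policy["src_domain"]]:
        for dst_range in DOMAIN_DB[policy["dst_domain"]]:
            # Reject malformed ranges before anything reaches the gateway.
            ipaddress.ip_network(src_range)
            ipaddress.ip_network(dst_range)
            rules.append((action, src_range, dst_range, protocol, "any", dst_port, policy["service"]))
    return rules


def compile_script(script: str) -> list:
    """Syntax check, parse and translate in one step."""
    return translate(parse_policy(script))


if __name__ == "__main__":
    for rule in compile_script("blacklist: {A-B, app1}"):
        print(rule)
```

A script that fails the grammar is rejected before any database lookup, and an undefined domain or service raises rather than silently producing an empty rule set, which would otherwise leave the gateway with no rule for the traffic the policy meant to restrict.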


Abstract

The invention discloses a rapid fine-grained multi-domain network interconnection security control method and belongs to the field of network space security. The method comprises the following steps. First, a grammar specification for the security policy language is established, each security policy is converted into a normal-form script, a corresponding grammar parser is implemented, and only error-free scripts are stored. For scripts whose domains and service semantics exist in the network, each policy in the whitelist is designed as a tree and the trees are merged; each policy in the blacklist is designed as a tree and these trees are merged into the whitelist tree; and each policy in the range default action is designed as a tree and merged with the merged black-and-white-list tree to obtain the security policy tree. Finally, the script describing inter-domain service communication is converted into a seven-tuple security rule describing fine-grained control, the seven-tuple rule is distributed to the secure Internet gateway at high speed, and the security control information of the execution unit is updated according to the rule. The method has the advantages of simplicity, convenience, flexibility and higher efficiency.

Description

Technical field

[0001] The invention belongs to the field of network space security, relates to a space-ground integrated network information security guarantee system, and specifically relates to a fast fine-grained multi-domain network interconnection security control method.

Background technique

[0002] The space-ground integrated network is a shared, interoperable infrastructure network provided for multi-domain network users. However, the security requirements of the services carried by the different domains differ. From the perspective of application services there is a need for communication between domains, which gives rise to characteristics that change over time and space: on the network, service types, characteristics and security levels vary across the domains, and the spatio-temporal characteristics of the many users within a domain change, so it cannot adapt to the dynamic needs of the various users in the space-ground integrated network.

[0003] The space-ground integrated ...


Application Information

IPC(8): H04L29/06
Inventor: 陆月明卢波田璐瑶王皓
Owner: BEIJING UNIV OF POSTS & TELECOMM