Computer Science ›› 2015, Vol. 42 ›› Issue (8): 166-169.

• Information Security •

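Static Security Policy Consistency Detection Based on Semantic Similarity

TANG Cheng-hua, WANG Li-na, QIANG Bao-hua, TANG Shen-sheng and ZHANG Xin

  1. Affiliations, in the order listed:
    • Guangxi Experiment Center of Information Science, Guilin University of Electronic Technology, Guilin 541004; Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004
    • Guangxi Experiment Center of Information Science, Guilin University of Electronic Technology, Guilin 541004; Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004
    • Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004
    • School of Electronic Engineering, Missouri Western State University, St. Joseph 64507
    • Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61462020,6,61163057), the Guangxi Natural Science Foundation (2014GXNSFAA118375), and the Guangxi Experiment Center of Information Science Foundation (20130329).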

Abstract: Security policy semantics express the human intent to control security behavior. To address problems such as the conflicts in policy semantics that arise during definition and conversion, a static security policy consistency detection model and algorithm based on semantic similarity is proposed. First, a domain ontology of security policy is established and characteristic factors are extracted, and a method for calculating semantic similarity based on the features of ontology concepts is presented. Then, taking firewall security policy as an example, an instance detection model is established, and the static security policy consistency detection algorithm is used to mark conflicting policies, ensuring the consistency of the final policy rule base. Experimental results show that the algorithm has a good detection effect and provides a feasible way to resolve security policy conflicts in the definition, formulation and mapping stages.

Key words: Security policy, Semantic similarity, Semantic consistency, Domain ontology, Characteristic factor

