In the computer network security, the measures using in firewall and IDS are changed by policy. Because the machine rules are used in the process, the measure is not consistency with the policy. Propose a method to measure semantic between the policy and measure. It makes the semantic model based on ponder with operation semantic, design the rule to transform policy to measure, using these rules to finish engine in order to compute the consistency automatically by the specific network environment and event. The experiment shows that the method can analyse consistency for semantics between policy and measure effectively. '%计算机网络安全中以防火墙和入侵检测为代表的安全措施需要由高层策略转换得出.但在转换过程中由于机械规则的影响,策略与措施间语义的内容可能不一致.文中提出了一种用于计算策略到措施的语义度量方法,针对典型的ponder策略建立其语言结构化操作语义模型,规定高层策略到底层措施的转换规则,根据特定网络环境和事件,构造相关的推理引擎,能够自动实现底层措施到高层策略的语义度量.实验结果表明,该方法可以有效地实现策略和底层措施之间的在语义上存在的差异.
展开▼
