CN114205125A - Policy management method, device, equipment and medium based on safe area - Google Patents


Publication number
CN114205125A
Authority
CN
China
Prior art keywords
security
policy
safety
strategy
policies
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111409959.7A
Other languages
Chinese (zh)
Other versions
CN114205125B (en)
Inventor
李欣
李元正
焦威
王思同
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Guotai Wangxin Technology Co ltd
Beijing Guotai Netcom Technology Co ltd
Original Assignee
Chengdu Guotai Wangxin Technology Co ltd
Beijing Guotai Netcom Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Guotai Wangxin Technology Co ltd, Beijing Guotai Netcom Technology Co ltd filed Critical Chengdu Guotai Wangxin Technology Co ltd
Priority to CN202111409959.7A priority Critical patent/CN114205125B/en
Publication of CN114205125A publication Critical patent/CN114205125A/en
Application granted granted Critical
Publication of CN114205125B publication Critical patent/CN114205125B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a security-zone-based policy management method, apparatus, device and medium, applied to a security supervision platform that manages the various security devices and security policies in a system. The policy management method comprises: defining a policy type for any security policy in the system as required; for any security zone in the system, configuring at least one security policy into the zone as required; for any security device in the system, assigning the device to the corresponding security zone as required, and matching the security policies configured in that zone to the device according to the policy type defined for each policy; and, for any security device in the system, issuing the configured security policies to the device. The invention can issue the specific policies of the various classes of security devices in a unified way, and can also issue general policies individually to different security devices.

Description

Policy management method, device, equipment and medium based on safe area
Technical Field
The invention relates to the technical field of industrial control security, and in particular to a security-zone-based policy management method, apparatus, device and medium.
Background
With the development of network technology and increasing informatization, a single network security product can hardly secure an entire network. More and more enterprises stack multiple security products to improve network security, but the diversity and complexity of security product categories make policy management for security devices an increasingly prominent problem.
In the industrial control security field today, a security supervision platform is usually used to manage devices in a unified way. Policies for the various security devices are configured on the platform, and the platform issues the configured policies to the security devices in the system, thereby managing their policies. Because security devices differ in their characteristics, deployment environments and vendor requirements, the current situation is as follows: 1) different classes of security devices have their own specific policy requirements, and such policies can only be issued to devices of that specific class; 2) even security devices of the same class have different requirements for policy content, so one policy is not suitable for issuing to all devices of that class; 3) different classes of security devices may have the same requirements for a certain kind of policy, i.e. a certain kind of policy may apply to several classes of security devices.
Disclosure of Invention
To solve the above problems, the present invention provides a security-zone-based policy management method, apparatus, device and medium, which can both issue the specific policies of the various classes of security devices in a unified way and issue general policies individually to different classes of security devices.
To achieve the above object, a first aspect of the present invention provides a security-zone-based policy management method, applied to a security supervision platform that manages the various security devices and security policies in a system. The policy management method includes:
defining a policy type for any security policy in the system as required, wherein the policy type indicates whether the policy is a specific policy applicable to one class of security device or a general policy applicable to several classes of security devices;
for any security zone in the system, configuring at least one security policy into the security zone as required;
for any security device in the system, assigning the security device to the corresponding security zone as required, and matching the security policies configured in that zone to the security device according to the policy type defined for each policy;
and, for any security device in the system, issuing the configured security policies to the security device.
Further, whether a security policy is a specific policy or a general policy is represented by a binary value.
Furthermore, for any security zone in the system, one specific policy or several general policies are configured into the same security zone at the same time, according to requirements and the deployment environment.
Furthermore, each class of security device has its own specific policies and also has general policies that other classes of security devices share.
To achieve the above object, another aspect of the present invention provides a security-zone-based policy management apparatus, applied to a security supervision platform that manages the security policies of different security devices in a system. The policy management apparatus includes:
a security zone division module, used to divide at least one security zone and to associate security policies of the defined classes with security devices of the corresponding types; a security zone shall include at least one security policy and at least one target security device;
a security policy configuration module, used to define policy types, i.e. to create security policies of different classes, including specific policies and general policies; the different classes of security policies are represented by specific identifiers; at least one security policy is configured into a security zone as required;
a security device configuration module, used to configure different classes of security devices and to assign each security device to one and only one security zone as required, so as to prevent policy conflicts;
and a security policy issuing module, used to find, via the security zone in which a security device is located, the security policies belonging to that zone, and to issue each security policy to the target security device according to the policy's type.
Further, in the security policy configuration module, whether a security policy is a specific policy or a general policy is represented by a binary value.
Further, the security policies are associated with the security devices and verified at the same time, to determine which target security device each security policy is to be issued to; a security policy that cannot be associated with any security device is skipped.
Further, the security policies are issued asynchronously in a request/response pattern; each request contains a unique request ID, and the response must carry that request ID in its response body.
A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the security-zone-based policy management method when executing the computer program.
A computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the security-zone-based policy management method.
The invention has the beneficial effects that:
With the security-zone-based policy management method and apparatus, different security zones are divided according to the deployment and implementation requirements of the on-site network; general or specific policies are defined according to the classes of devices in each zone; the security devices are assigned to their corresponding security zones; and the security policies belonging to each device are configured. Since each device can be assigned to only one security zone, policy conflicts are avoided. If the policies of several devices in different zones need to be adjusted, they can be modified in the corresponding security zones, and the update takes effect by issuing the policies once per security zone. The invention introduces the concepts of security zone and policy type and associates them with the security devices, which improves the efficiency of configuration and policy issuing, meets users' needs for both general and specific policies, and makes policy management of security devices more convenient through the division into security zones.
Drawings
Fig. 1 is a flow chart of conventional security policy management.
Fig. 2 is a flowchart of a security policy management method in embodiment 1 of the present invention.
Fig. 3 is a schematic structural diagram of a security policy management apparatus in embodiment 1 of the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, specific embodiments of the present invention will now be described. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
In a system composed of different classes of security devices, a security supervision platform generally controls and manages the devices in a unified way and issues security policies to them. For example, suppose the platform manages two classes of security devices, firewall and audit, and three kinds of security policies: a packet filtering policy, a protocol auditing policy and a blacklist policy. The platform issues the packet filtering policy and the blacklist policy to the firewall devices, and the protocol auditing policy and the blacklist policy to the audit devices. Once the policies take effect, the firewall devices protect the network based on the packet filtering policy and the blacklist policy, and the audit devices audit the network based on the protocol auditing policy and the blacklist policy.
As shown in fig. 1, when the security supervision platform manages the security policies of multiple security devices, a common management scheme is to issue the security policies of different categories to the different security devices separately. With this scheme, when the system contains many classes of security devices and many security policies, policies have to be issued many times, which reduces efficiency and makes management difficult.
As shown in fig. 2, the present embodiment provides a security-zone-based policy management method, which includes the following steps:
S1. Define a type for any security policy in the system, wherein the policy type indicates whether the policy is a specific policy applicable to one class of security device or a general policy applicable to several classes of security devices.
As mentioned above, in practical applications the security supervision platform has to manage different classes of security devices, and each class of security device has both its own specific policies and general policies that it shares with other classes. For example, a system containing two classes of security devices, firewall devices and audit devices, also manages three kinds of policies: a packet filtering policy, a protocol auditing policy and a blacklist policy. The packet filtering policy is specific to the firewall devices, the protocol auditing policy is specific to the audit devices, and the blacklist policy is a general policy for both classes of security devices.
In this scenario, the packet filtering policy, the auditing policy and the blacklist policy each need to be classified. The policy class is defined as follows: binary 1 represents a policy specific to firewall devices, binary 10 represents a policy specific to audit devices, and binary 11 represents a general policy for both firewall devices and audit devices. Thus, in the above example, the packet filtering policy is of type 1, the auditing policy is of type 10, and the blacklist policy is of type 11.
S2. Configure at least one security zone as required and configure at least one security policy into it; several policies of different types can be configured into the same security zone at the same time.
On the one hand, policies of the same type have different content when configured, because the security devices are deployed at different locations and so on; several security policies with different content are therefore configured into different security zones. On the other hand, firewall devices and audit devices may be deployed in the same network as required, so one security zone can correspondingly contain security policies of different types.
Continuing the example, one firewall device is deployed at the boundary of the 192.168.1.0 network to protect that network, so its packet filtering policy must provide protection for the 192.168.1.0 network; another firewall is deployed at the boundary of the 192.168.2.0 network, and its packet filtering policy must provide protection for the 192.168.2.0 network. Meanwhile, two audit devices are deployed in mirroring mode in the 192.168.1.0 and 192.168.2.0 networks respectively, so two protocol auditing policies need to be configured, one performing protocol auditing for the 192.168.1.0 network and the other for the 192.168.2.0 network. On this basis, two security zones A and B are divided: the packet filtering policy and the auditing policy for the 192.168.1.0 network are configured into security zone A, and the packet filtering policy and the auditing policy for the 192.168.2.0 network are configured into security zone B. In addition, there is a blacklist policy that applies to both firewall and audit devices, so this policy is configured in both security zones A and B.
S3. The security device configuration module is used to configure different classes of security devices and to assign each security device to one and only one security zone as required.
As described above, security devices deployed at different locations in the network have different requirements for policy configuration. After the security policies have been configured in the security zones, the security devices are assigned to the security zones according to actual requirements, and the security policies in each zone are issued to the security devices in it.
In the example, for a system managing 2 firewall devices and 2 audit devices, the two zones A and B are divided as required; it is then only necessary to assign 1 firewall and 1 audit device to security zone A and the other firewall and audit device to security zone B, according to where they are deployed.
S4. For any security device in the system, issue the security policies configured for the device to the device.
As described above, security zone A contains 1 firewall device and 1 audit device, and 1 packet filtering policy, 1 auditing policy and 1 blacklist policy are configured in it. Similarly, security zone B also contains 1 firewall device and 1 audit device, with 1 packet filtering policy, 1 auditing policy and 1 blacklist policy configured in it. The content of the packet filtering policy and of the auditing policy differs between security zones A and B, while the blacklist policy is the same.
When the policies are issued, the packet filtering policy, the auditing policy and the blacklist policy reach their corresponding target devices with just two issuing operations, one for security zone A and one for security zone B.
For example, when the security policies configured in a security zone are issued, they are first classified. According to the policy class definition above, the packet filtering policy with policy class 1 and the blacklist policy with policy class 11 are issued to the firewall device, and the auditing policy with policy class 10 and the blacklist policy with policy class 11 are issued to the audit device.
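The type matching of steps S1 to S4, as an added example that is not part of the patent: it reads the binary type as one bit per device class (an assumption consistent with the values 1, 10 and 11 above), enforces one zone per device, and skips policies that match no device in the zone. All class, function, policy and device names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntFlag


class DeviceClass(IntFlag):
    # One bit per device class (assumed reading of the embodiment's encoding).
    FIREWALL = 0b01   # "binary 1": specific to firewall devices
    AUDIT = 0b10      # "binary 10": specific to audit devices


GENERAL = DeviceClass.FIREWALL | DeviceClass.AUDIT   # "binary 11": both classes


@dataclass(frozen=True)
class Policy:
    name: str
    type_mask: DeviceClass
    content: str

    @property
    def is_general(self) -> bool:
        # More than one bit set means the policy applies to several classes.
        return bin(int(self.type_mask)).count("1") > 1


@dataclass(frozen=True)
class Device:
    name: str
    device_class: DeviceClass


@dataclass
class Zone:
    name: str
    policies: list = field(default_factory=list)
    devices: list = field(default_factory=list)


class Platform:
    def __init__(self):
        self.zones = {}
        self.zone_of = {}   # device name -> zone name

    def add_zone(self, name):
        self.zones[name] = Zone(name)

    def configure_policy(self, zone_name, policy):
        self.zones[zone_name].policies.append(policy)

    def assign_device(self, zone_name, device):
        # A device belongs to one and only one zone, so two zones can never
        # push competing copies of the same policy to it.
        current = self.zone_of.get(device.name)
        if current is not None:
            raise ValueError(f"{device.name} already belongs to zone {current}")
        self.zones[zone_name].devices.append(device)
        self.zone_of[device.name] = zone_name

    def plan_issue(self, zone_name):
        """One issuing pass for a zone: returns (device -> policy names, skipped)."""
        zone = self.zones[zone_name]
        plan = {d.name: [] for d in zone.devices}
        skipped = []
        for policy in zone.policies:
            targets = [d for d in zone.devices if policy.type_mask & d.device_class]
            if not targets:
                skipped.append(policy.name)   # no device to associate: skip it
                continue
            for d in targets:
                plan[d.name].append(policy.name)
        return plan, skipped


def build_example():
    """Zones A and B from the embodiment (device and policy names constructed)."""
    platform = Platform()
    for zone, net in (("A", "192.168.1.0"), ("B", "192.168.2.0")):
        platform.add_zone(zone)
        platform.configure_policy(
            zone, Policy(f"packet-filter-{zone}", DeviceClass.FIREWALL, f"protect {net}"))
        platform.configure_policy(
            zone, Policy(f"protocol-audit-{zone}", DeviceClass.AUDIT, f"audit {net}"))
        platform.configure_policy(zone, Policy("blacklist", GENERAL, "shared blacklist"))
        platform.assign_device(zone, Device(f"fw-{zone}", DeviceClass.FIREWALL))
        platform.assign_device(zone, Device(f"audit-{zone}", DeviceClass.AUDIT))
    return platform


if __name__ == "__main__":
    p = build_example()
    for zone_name in ("A", "B"):   # two issuing passes cover all four devices
        print(zone_name, p.plan_issue(zone_name))
```
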
It should be noted that, for the sake of simplicity, the present embodiment is described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, because some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Example 2
This example is based on example 1:
As shown in fig. 3, the present embodiment provides a security-zone-based policy management apparatus for executing the policy management method of embodiment 1. The apparatus includes:
The security zone division module M1, used to divide at least one security zone and to associate security policies of the defined classes with security devices of the corresponding types. A security zone shall include at least one security policy and at least one target device.
The security policy configuration module M2, used to define policy types, i.e. to create security policies of different classes, including specific policies and general policies. The different classes of security policies are represented by specific identifiers; at least one security policy is configured into a security zone as required.
Specifically, the present embodiment designs a method for classifying security policies that uses a binary value to indicate whether a security policy is specific or general, which makes it easy to determine which security devices a policy is to be issued to.
Optionally, an attribute may be defined to represent the version number of the current policy, incremented after each policy update. When the policy is issued to the target device, the device can compare the version number of its current policy with the issued version number: if the two are the same, the policy does not need to be updated; if the issued version number is larger than the current one, the policy needs to be updated.
The security device configuration module M3, used to configure different classes of security devices. Each security device is assigned to one and only one security zone as required, which prevents policy conflicts.
Specifically, in the above scheme, the created security devices are assigned to at least one security zone, and one security device can be assigned to only one security zone. When a security device is placed in a security zone, the security policies in that zone that belong to the device are configured for it, and at that point the policies in the zone fully satisfy the device's security policy requirements. If the same security device were also assigned to another security zone, issuing would cause a conflict whenever both zones contain the same policy.
The security policy issuing module M4, used, for any security device in the system, to find via the security zone in which the device is located the security policies belonging to that zone, and to issue each security policy to the security device according to the policy's type.
Specifically, on the basis of the above scheme, the security policies are associated with the security devices and verified at the same time, to determine which target device each security policy is to be issued to; a policy that cannot be associated with any security device is skipped. Policies can be issued asynchronously in a request/response pattern: each request contains a unique request ID, and the response must carry that request ID in its response body so that the system can match the response to its request when processing it. Two abnormal outcomes are possible when issuing: the response reports an error, or there is no response. When the response reports an error, the policy is adjusted according to the error message. For the no-response case a timeout mechanism is designed: after a timeout the policy is issued to the target device again, and after 3 consecutive timeouts a timeout result is returned; the user then checks whether the device is online and issues the policy again once the problem has been dealt with. If the network is disconnected after the target device has received the issued policy, the device cannot send a response to the management system even though the policy has already been delivered to it; when the policy is issued again, the device can choose to update or ignore the issued policy according to the policy's version number.
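The issuing behaviour described above (request ID correlation, re-issue on timeout, version-based update or ignore on the device), as an added example that is not code from the patent. The in-process link, the fault names, the 0.02 s timeout and the use of a fresh request ID for each attempt are assumptions made for the demonstration.

```python
import asyncio
import uuid

MAX_TIMEOUTS = 3    # from the text: three consecutive timeouts end the attempt
TIMEOUT_S = 0.02    # constructed value so the demo finishes quickly


class DeviceAgent:
    """Device side: applies a policy only when the issued version is newer."""

    def __init__(self):
        self.versions = {}   # policy name -> version currently held
        self.log = []        # what the device did with each request it received

    def handle(self, request):
        current = self.versions.get(request["policy"], 0)
        if request["version"] > current:
            self.versions[request["policy"]] = request["version"]
            status = "updated"
        else:
            status = "ignored"   # same version already held: nothing to do
        self.log.append(status)
        # The response body echoes the request ID so the platform can match it.
        return {"request_id": request["request_id"], "status": status}


class Issuer:
    """Platform side. `faults` scripts the link per attempt (constructed):
    "ok", "lose_request" or "lose_response"; missing entries mean "ok"."""

    def __init__(self, agent, faults=()):
        self.agent = agent
        self.faults = iter(faults)
        self.pending = {}    # request ID -> future awaiting the response

    def on_response(self, response):
        future = self.pending.get(response.get("request_id"))
        if future is not None and not future.done():
            future.set_result(response)
        # A response whose request ID is unknown or absent is dropped.

    async def _deliver(self, request):
        fault = next(self.faults, "ok")
        await asyncio.sleep(0)               # stand-in for the network hop
        if fault == "lose_request":
            return
        response = self.agent.handle(request)
        if fault == "lose_response":         # device applied it, reply was lost
            return
        self.on_response(response)

    async def issue(self, policy, version):
        loop = asyncio.get_running_loop()
        for attempt in range(1, MAX_TIMEOUTS + 1):
            request_id = uuid.uuid4().hex
            future = loop.create_future()
            self.pending[request_id] = future
            request = {"request_id": request_id, "policy": policy, "version": version}
            task = asyncio.create_task(self._deliver(request))
            try:
                response = await asyncio.wait_for(future, TIMEOUT_S)
                return {"result": response["status"], "attempts": attempt}
            except asyncio.TimeoutError:
                pass                         # no response: issue again
            finally:
                self.pending.pop(request_id, None)
                await task
        return {"result": "timeout", "attempts": MAX_TIMEOUTS}


def run_scenario(faults, policy="blacklist", version=2):
    """Issue one policy over a link with the scripted faults."""
    agent = DeviceAgent()

    async def main():
        return await Issuer(agent, faults).issue(policy, version)

    return asyncio.run(main()), agent


if __name__ == "__main__":
    for faults in ((), ("lose_response",), ("lose_request",) * 3):
        outcome, agent = run_scenario(faults)
        print(faults, outcome, agent.log)
```
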
Example 2
This example is based on example 1:
The present embodiment provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the security-zone-based policy management method and apparatus of embodiment 1 when executing the computer program. The computer program may be in the form of source code, object code, an executable file or some intermediate form, among others.
Example 3
This example is based on example 1:
The present embodiment provides a computer-readable storage medium, which stores a computer program, and the computer program, when executed by a processor, implements the steps of the security-zone-based policy management method and apparatus of embodiment 1. The computer program may be in the form of source code, object code, an executable file or some intermediate form, among others. The storage medium includes: any entity or device capable of carrying computer program code, a recording medium, computer memory, Read Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, software distribution media, and the like. It should be noted that what the storage medium includes may be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions, the storage medium does not include electrical carrier signals and telecommunication signals according to legislation and patent practice.

Claims (10)

1. A security-zone-based policy management method, applied to a security supervision platform, the security supervision platform being used to manage the various security devices and security policies in a system, the policy management method being characterized by comprising the following steps:
defining a policy type for any security policy in the system as required, wherein the policy type indicates whether the policy is a specific policy applicable to one class of security device or a general policy applicable to several classes of security devices;
for any security zone in the system, configuring at least one security policy into the security zone as required;
for any security device in the system, assigning the security device to the corresponding security zone as required, and matching the security policies configured in that zone to the security device according to the policy type defined for each policy;
and, for any security device in the system, issuing the configured security policies to the security device.
2. The security-zone-based policy management method according to claim 1, wherein whether a security policy is a specific policy or a general policy is represented by a binary value.
3. The security-zone-based policy management method according to claim 1, wherein, for any security zone in the system, one specific policy or several general policies are configured into the same security zone according to requirements and the deployment environment.
4. The security-zone-based policy management method according to claim 1, wherein each class of security device has its own specific policies and also has general policies that other classes of security devices share.
5. A security-zone-based policy management apparatus, applied to a security supervision platform, the security supervision platform being used to manage the security policies of different security devices in a system, the policy management apparatus comprising:
a security zone division module, used to divide at least one security zone and to associate security policies of the defined classes with security devices of the corresponding types; a security zone shall include at least one security policy and at least one target security device;
a security policy configuration module, used to define policy types, i.e. to create security policies of different classes, including specific policies and general policies; the different classes of security policies are represented by specific identifiers; at least one security policy is configured into a security zone as required;
a security device configuration module, used to configure different classes of security devices and to assign each security device to one and only one security zone as required, so as to prevent policy conflicts;
and a security policy issuing module, used to find, via the security zone in which a security device is located, the security policies belonging to that zone, and to issue each security policy to the target security device according to the policy's type.
6. The policy management apparatus according to claim 5, wherein, in the security policy configuration module, whether a security policy is a specific policy or a general policy is represented by a binary value.
7. The policy management apparatus according to claim 5, wherein the security policies are associated with the security devices and verified at the same time, to determine which target security device each security policy is to be issued to, and a security policy that cannot be associated with any security device is skipped.
8. The security-zone-based policy management apparatus according to claim 7, wherein the security policies are issued asynchronously in a request/response pattern, each request contains a unique request ID, and the response must carry the request ID in its response body.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements the steps of the security-zone-based policy management method of any one of claims 1 to 4.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the security-zone-based policy management method of any one of claims 1 to 4.
CN202111409959.7A 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area Active CN114205125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111409959.7A CN114205125B (en) 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111409959.7A CN114205125B (en) 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area

Publications (2)

Publication Number Publication Date
CN114205125A true CN114205125A (en) 2022-03-18
CN114205125B CN114205125B (en) 2024-03-29

Family

ID=80648846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111409959.7A Active CN114205125B (en) 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area

Country Status (1)

Country Link
CN (1) CN114205125B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1988478A (en) * 2006-12-14 2007-06-27 上海交通大学 Integrated tactic managing system based on expandable label language
US20130055342A1 (en) * 2011-08-24 2013-02-28 International Business Machines Corporation Risk-based model for security policy management
US20160212167A1 (en) * 2015-01-20 2016-07-21 Cisco Technology, Inc. Classification of security policies across multiple security products
WO2016118478A2 (en) * 2015-01-20 2016-07-28 Cisco Technology, Inc. Security policy unification across different security products
CN106572112A (en) * 2016-11-09 2017-04-19 北京小米移动软件有限公司 Access control method and device
CN108880860A (en) * 2018-05-24 2018-11-23 杭州迪普科技股份有限公司 A kind of policy management method and device
CN109150866A (en) * 2018-08-09 2019-01-04 郑州云海信息技术有限公司 A kind of policy distribution feedback and check system and method
CN110191118A (en) * 2019-05-28 2019-08-30 哈尔滨工程大学 A kind of unified charge method and system of network-oriented safety equipment
CN110348201A (en) * 2019-05-22 2019-10-18 中国科学院信息工程研究所 A kind of configuration method and device of device security policy
CN110636030A (en) * 2018-06-21 2019-12-31 全球能源互联网研究院有限公司 Hierarchical safety management and control method and system for electric power mobile terminal
US20200396260A1 (en) * 2019-06-11 2020-12-17 Zscaler, Inc. Automatic Network Application Security Policy Expansion
CN112637149A (en) * 2020-12-11 2021-04-09 广东电力通信科技有限公司 Data communication method between asymmetric security policy partitions


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CATALDO BASILE; ANTONIO LIOY; CHRISTIAN PITSCHEIDER; FULVIO VALENZA; MARCO VALLINI: "A novel approach for integrating security policy enforcement with dynamic network virtualization", 《PROCEEDINGS OF THE 2015 1ST IEEE CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT)》 *
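樊志杰; 郑长松; 曹志威: "Design and implementation of a dynamic-policy-based security management and control system for mobile police terminals", 《Computer Measurement & Control》, vol. 29, no. 6, pages 219 - 223 *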

Also Published As

Publication number Publication date
CN114205125B (en) 2024-03-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant