The Runtime Model Checking Method for Zero Trust Security Policy

Zhi Niu, Luming Dong, Yong Zhu
Proceedings of the 7th International Conference on Cyber Security and Information Engineering, published 2022-09-23
DOI: 10.1145/3558819.3558821 (https://doi.org/10.1145/3558819.3558821)
Citations: 0

Abstract

The policy administrator is the zero trust component that dynamically determines authority, and it is mainly responsible for the management, storage and evaluation of policies. To evaluate the security and effectiveness of the policies in the policy administrator, this paper proposes introducing an online policy model verification service component into the policy administrator. First, the policy file is formalized into a policy instance logic specification through logical abstraction. The policy instance logic specification is then model checked against the policy abstract logic specification developed by the policy designer, which realizes a pre-check verification of the consistency of the policy file. After the pre-check and verification are complete, the policy is executed so that the policy manager can make a decision on the execution point of the policy. At this time, the system operating state data intercepted by the policy enforcement point and the process specifications formed from the embedded system's security, compliance, and legal treaties are used to perform a model post-check, which achieves security and alarming after the policy is implemented. Combining the pre-check and the post-check finally realizes the evaluation and testing of the policy and of the effectiveness of the zero trust security policy.