Description and Reasoning of Security Policy in Information System Based on Security Domain

Security policy is the core of information system security management. In order to solve the problem of the security policy unified specification description, the classification and normative description are proposed based on the relationship between its object classes, which reflect the network information system and engineering security products and application policies, support security policy group and composite based on security domain. It can meet the high-level policy reuse, inheritance and parameterization, also support low-level formal reasoning. Result shows that the description and reasoning methods are conducive to information system and engineering security policy analysis, modeling and deployment.