The multiple security domains management and the security gateways that protect the security domain boundary are applied in space-ground integration information network, so we can adjust network security functions in the gateways dynamically by reconfiguration as the response to various security threats and malicious attacks. To solve the decision making problem about when to reconfigure and what to reconfigure, we presented privilege transition graph of internal security domain that can show us the vulnerabilities utilization between hosts in the domain. The algorithm combining forward breadth search and depth backtracking was proposed to get the attack paths from one host to key resources in the domain. And a quantification method for the risk of attack paths was presented. The method was tested which could provide effective data for recoufiguration decision.
Software And Hardware