摘要： 如何在不同的安全设备上执行统一描述的策略是策略管理研究的难点。该文通过在策略决策点增加可扩展的词法库和语法库，在策略执行点采用通用代理程序进行策略翻译，支持系统内不同设备及类型的动态扩展，为不同类型的安全设备的策略翻译提供了一种新方法，提高了策略管理的可扩展性和通用性。

关键词: 策略属性, 策略翻译, 词法库, 语法库

Abstract: It is difficult to perform unified description policy on different secure devices in policy management research. This paper adds extensible accidence database and syntax database in the PDP, and policy transformation is performed through universal agent program in the PEP, which supports the extension of different devices and types in the system. A new method of policy transformation for different types of secure devices is put forward, which improves the expandability and universality of the policy management.

Key words: policy attribute, policy transformation, accidence database, syntax database

中图分类号: 

• TP309