| 防火墙策略不一致性检测算法 |
| |
| 引用本文: | 王卫平,陈文惠,李哲鹏,陈华平.防火墙策略不一致性检测算法[J].中国科学院研究生院学报,2007,24(3):372-379. |
| |
| 作者姓名: | 王卫平 陈文惠 李哲鹏 陈华平 |
| |
| 作者单位: | 中国科学技术大学信息管理与决策科学系,合肥,230026 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 安全管理员经常需要对防火墙策略进行比较,以找出其中不一致的地方。但是,这个比较平台的选择,令安全管理员煞费脑筋。为了进行防火墙策略的比较,首先给出了FPT(防火墙策略树)模型,其次给出了策略树的构造算法,该算法可以把一个防火墙策略转换为策略树,再次是策略树的比较算法,最后给出了防火墙策略的比较过程。这些算法的组合可以对防火墙策略进行比较,给出不同防火墙采用不同过滤决策的数据包集合,为安全管理员保证企业网络的安全提供了方便。另外,该模型还可以推广到大量的包分类系统当中,来进行策略的比较。
|
| 关 键 词: | 防火墙 策略 比较 算法 |
| 文章编号: | 1002-1175(2007)03-0372-08 |
| 修稿时间: | 2006年6月9日 |
Algorithm for Detecting Firewall Policy Inconsistency |
| |
| WANG Wei-Ping,CHEN Wen-Hui,LI Zhe-Peng,CHEN Hua-Ping.Algorithm for Detecting Firewall Policy Inconsistency[J].Journal of the Graduate School of the Chinese Academy of Sciences,2007,24(3):372-379. |
| |
| Authors: | WANG Wei-Ping CHEN Wen-Hui LI Zhe-Peng CHEN Hua-Ping |
| |
| Institution: | School of Management, University of Science &; Technology of China, Hefei, 230026 |
| |
| Abstract: | As a traditional technique of information security,firewall has played a very important role.Security administrators frequently have to compare firewall policies looking for inconsistence,while it is not a smooth process to choose a platform for the comparison.To realize the comparison between firewalls' policies,this paper provides FPT(firewall policy tree) model,and the construction algorithm which can turn a firewall policy into a policy tree,as well as the comparison algorithm,and finally presents the procedures of comparing firewalls' policies.Combination of the two algorithms can be used to perform a comparison between firewalls' policies.By doing this,the paper can obtain the set of data packages on which different firewalls have made inconsistent filter decisions,so as to find out the inconsistency in firewalls' policies. |
| |
| Keywords: | firewall policy comparison algorithm |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《中国科学院研究生院学报》浏览原始摘要信息 |
| 点击此处可从《中国科学院研究生院学报》下载免费的PDF全文 |
