| 防火墙策略不一致性检测算法 |
| |
| 作者姓名: | 王卫平 陈文惠 李哲鹏 陈华平 |
| |
| 作者单位: | 中国科学技术大学信息管理与决策科学系,合肥 230026 |
| |
| 摘 要: | 安全管理员经常需要对防火墙策略进行比较,以找出其中不一致的地方。但是,这个比较平台的选择,令安全管理员煞费脑筋。为了进行防火墙策略的比较,首先给出了FPT(防火墙策略树)模型,其次给出了策略树的构造算法,该算法可以把一个防火墙策略转换为策略树,再次是策略树的比较算法,最后给出了防火墙策略的比较过程。这些算法的组合可以对防火墙策略进行比较,给出不同防火墙采用不同过滤决策的数据包集合,为安全管理员保证企业网络的安全提供了方便。另外,该模型还可以推广到大量的包分类系统当中,来进行策略的比较。
|
| 关 键 词: | 防火墙 策略 比较 算法 |
Algorithm for Detecting Firewall Policy Inconsistency |
| |
| Authors: | WANG Wei-Ping CHEN Wen-Hui LI Zhe-Peng CHEN Hua-Ping |
| |
| Institution: | School of Management, University of Science & Technology of China, Hefei, 230026 |
| |
| Abstract: | As a traditional technique of information security, firewall has taken very important position. Security administrators frequently have to compare firewall policies looking for inconsistence, while it is not a smooth process to choose a platform for the comparison. To realize the comparison between firewalls’ policies, this paper provides FPT(firewall policy tree) model, and the construction algorithm which can turn a firewall policy into a policy tree, as well as the comparison algorithm, finally presents the procedures of comparing firewalls’ policies. Combination of the two algorithms can be used to perform a comparison between firewalls’ policies. By doing this, the paper can obtain the set of data packages on which different firewalls have made inconsistent filter decision, and finds out the inconsistency in firewalls’ policies. |
| |
| Keywords: | Firewall Policy Comparison Algorithm |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
