
Journal of University of Chinese Academy of Sciences ›› 2007, Vol. 24 ›› Issue (3): 372-379. DOI: 10.7523/j.issn.2095-6134.2007.3.017

• Brief Report •

Algorithm for Detecting Firewall Policy Inconsistency

WANG Wei-Ping, CHEN Wen-Hui, LI Zhe-Peng, CHEN Hua-Ping

  1. Department of Information Management and Decision Science, School of Management, University of Science & Technology of China, Hefei, 230026
  • Received: 1900-01-01 Revised: 1900-01-01 Published: 2007-05-15

Abstract: As a traditional information security technique, the firewall occupies a very important position. Security administrators frequently need to compare firewall policies to find inconsistencies between them, but choosing a platform for that comparison is difficult. To enable the comparison, this paper first presents the FPT (firewall policy tree) model, then a construction algorithm that converts a firewall policy into a policy tree, then an algorithm for comparing policy trees, and finally the procedure for comparing firewall policies. Combined, these algorithms compare firewall policies and yield the set of packets on which different firewalls make different filtering decisions, which exposes the inconsistencies between the policies and makes it easier for security administrators to keep the enterprise network secure. The model can also be extended to a wide range of packet classification systems for policy comparison.

Key words: firewall, policy, comparison, algorithm
