Algorithm for detecting firewall policy inconsistency

Cited by: 2


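Authors: 王卫平[1] 陈文惠[1] 李哲鹏[1] 陈华平[1]

Affiliation: [1] Department of Information Management and Decision Science, University of Science and Technology of China, Hefei 230026

Source: Journal of the Graduate School of the Chinese Academy of Sciences (《中国科学院研究生院学报》), 2007, No. 3, pp. 372-379 (8 pages)

Funding: Supported by the National 863 Program (2003AA103710)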

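Abstract: Security administrators often need to compare firewall policies to find where they are inconsistent. However, choosing a platform for this comparison is a real difficulty for them. To compare firewall policies, this paper first presents the FPT (firewall policy tree) model; second, it gives a policy tree construction algorithm, which converts a firewall policy into a policy tree; third, it gives a policy tree comparison algorithm; and finally it gives the procedure for comparing firewall policies. Combined, these algorithms can compare firewall policies and output the set of packets for which different firewalls make different filtering decisions, which makes it easier for security administrators to keep the enterprise network secure. In addition, the model can be extended to a large number of packet classification systems for policy comparison.

Abstract (original English version): As a traditional information security technique, the firewall has played a very important role. Security administrators frequently have to compare firewall policies to look for inconsistencies, yet choosing a platform for the comparison is not a smooth process. To compare firewall policies, this paper provides the FPT (firewall policy tree) model, a construction algorithm that turns a firewall policy into a policy tree, and a comparison algorithm, and finally presents the procedure for comparing firewall policies. Combining the two algorithms makes it possible to compare firewall policies. Doing so yields the set of packets on which different firewalls make inconsistent filtering decisions, and thus reveals the inconsistencies in the firewalls' policies.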

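Keywords: firewall; policy; comparison; algorithm

Classification code: TN915.08 [Electronics and Telecommunications: Communication and Information Systems]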

 
