Abstract
Packet filters are rules for classifying packets based on their header fields and other related information. Packet classification is essential to enabling network services such as Quality of Service (QoS), routing, and security. However, conflicts among filters can cause undesirable system behavior. This paper proposes a new representation with precise semantics for specifying packet filter policies and gives the translation scheme from filter rules to a set of Horn clauses, so that filter conflicts can be detected and resolved by means of logical reasoning. Theoretical analysis and a prototype implementation validate our method of policy description and conflict resolution.
Source
Acta Electronica Sinica
EI
CAS
CSCD
Peking University Core Journals
2005, Issue B12, pp. 2517-2523 (7 pages)
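Funding
National Natural Science Foundation of China, Major Research Plan "Network and Information Security" (No. 90104001)
National 973 Program of China (No. 2003CB314802)
National Defense Pre-Research Project Fund "System Management and Network Management" (No. 413150202)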
Keywords
packet filter policy
policy management
policy conflict
conflict resolution