
A Logical Approach to Policy Representation and Conflict Resolution in Packet Filter

Cited by: 1
Abstract: Packet filters are rules for classifying packets based on their header fields and other related information. Packet classification is essential to enabling network services such as Quality of Service (QoS), routing, and security. However, conflicts among filters can cause undesirable system behavior. This paper proposes a new representation with precise semantics for specifying packet filter policies and gives a translation scheme from filter rules to a set of Horn clauses, so that filter conflicts can be detected and resolved by means of logical reasoning. Theoretical analysis and a prototype implementation validate our method of policy description and conflict resolution.
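Source: Acta Electronica Sinica (indexed in EI, CAS, CSCD, Peking University Core), 2005, Issue B12, pp. 2517-2523 (7 pages)
Funding: Major Research Plan of the National Natural Science Foundation of China, "Network and Information Security" (No. 90104001); National 973 Program (No. 2003CB314802); National Defense Pre-Research Project Fund, "System Management and Network Management" (No. 413150202)
Keywords: packet filter policy; policy management; policy conflict; conflict resolution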

