
Analysis of distributed firewall policy configuration mistakes and their detection (times cited: 4)
Abstract: As a traditional information security technology, the distributed firewall plays a very important role, but it also has some problems. Distributed firewall policies often contain conflicts, which create security risks for enterprises. After discussing several relations between firewall rules, this paper presents the policy configuration mistakes that may exist and gives an algorithm for detecting them; simulation experiments demonstrate the algorithm's effectiveness and execution efficiency. Finally, directions for further research are given.

Source: Journal of the Graduate School of the Chinese Academy of Sciences (《中国科学院研究生院学报》), CAS, CSCD, 2007, Issue 2, pp. 257-265 (9 pages)

Funding: Supported by the National 863 Program (2003AA103710)

Keywords: distributed firewall, policy, rule conflict, algorithm

