摘要
目前Ponder语法一般采用域表达式来标识主体和目标,不支持IP这类特殊类型的主体/目标标识。而防火墙的策略描述一般用IP地址来标识,如何扩展Ponder语法,使其可以表达防火墙的访问控制规则,是目前用Ponder语言描述防火墙规则亟待解决的问题。引进IP域和服务域结构,给出了采用IP数据包标识目标的描述方法。
Currently,the Ponder syntax generally adopts domain-expression to express subject and target and it doesn't support IP expression. However, the firewall policy description always adopts IP address for expression. The expansion of Ponder syntax is currently an important problem for firewall access contol rule expression. The IP domain and the service domain structures are introduced, and the description method of target expression with IP data packages is presented.
出处
《计算机应用与软件》
CSCD
北大核心
2008年第4期258-259,280,共3页
Computer Applications and Software