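Abstract
To solve the problem of distributing policies to clients in a distributed firewall, an access control policy model suited to the distributed firewall environment is proposed, drawing on the idea of role-based access control. The policy server defines a global policy and role restriction policies, derives role policies from them through set operations, and then divides these into user-level role policies. Clients with the same role have the same security level and access rights, which effectively reduces the complexity of defining a specific policy for each of many clients; the time complexity of rule lookup is O(1). Test results show that the network traffic generated by policy exchange has little effect on normal network traffic.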
To deliver policies to all clients in distributed firewalls, a role-based access control policy model is proposed. The policy server creates a global policy and a rule restricted policy, deduces the role policy, and divides it into user-role policies. All clients in the same role set have the same security level and access rights, which reduces the complexity of making a policy individually for each client. Rules can be retrieved at high speed: using a hash algorithm, the time complexity is O(1). Test results show that, with this model, the impact of the flow produced by interactive communication on network traffic can be ignored.
Source
《应用科学学报》
CAS
CSCD
PKU Core
2008, Issue 3, pp. 312-318 (7 pages)
Journal of Applied Sciences
Funding
Supported by the National Defense Pre-Research Foundation (No. 9140C60040307HT08)