
Access Control Policy Model in Distributed Firewalls (cited by: 1)

Policy Delivery Model for Distributed Firewall
Abstract: To solve the problem of delivering policies to clients in a distributed firewall, a role-based access control policy model suited to the distributed firewall environment is proposed. The policy server creates a global policy and a role restricted policy, derives the role policy from them through set operations, and then divides it into user role policies. Clients in the same role have the same security level and access rights, which effectively reduces the complexity of making a specific policy for each of many clients. Rules are retrieved using a hash algorithm, with a time complexity of O(1). Test results show that the network traffic produced by policy exchange has little effect on normal network traffic.
Source: Journal of Applied Sciences (《应用科学学报》), indexed in CAS, CSCD and the Peking University Core Journals list, 2008, No. 3, pp. 312-318 (7 pages)
Funding: National Defense Pre-research Foundation project (No.9140C60040307HT08)
Keywords: distributed firewall, global policy, role restricted policy, role policy, user role policy