
Test packet-choosing algorithm for rules updating
Abstract: Configuration errors in firewall rule sets arise mainly from update operations such as adding and deleting rules. A test algorithm is therefore needed to verify the correctness of each update when rules are updated. Existing test algorithms select test packets only from the apexes (vertices) of the added or deleted rules, and so cannot detect all configuration errors caused by rule conflicts. To address this, the paper proposes PCRU (packet choosing rule updating), a test packet-choosing algorithm for rule update operations. PCRU selects test packets from two places: the apexes of the added or deleted rules, and the regions where rules conflict. Theoretical analysis and simulation experiments show that, compared with existing test algorithms, PCRU needs only a small number of test packets to detect all configuration errors caused by rule conflicts during rule updates.

Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2009, No. 5, pp. 1919-1921 (3 pages)

Funding: Supported by the Production Development Fund of the Ministry of Information Industry of China

Keywords: rule conflicts; rule updating; test packets; firewall; correctness