| 网络安全策略冲突分类及自动检测与恢复 |
| |
| 引用本文: | 胡义香,李先义.网络安全策略冲突分类及自动检测与恢复[J].微计算机信息,2007,23(21):54-56,78. |
| |
| 作者姓名: | 胡义香 李先义 |
| |
| 作者单位: | 1. 421001,湖南衡阳,南华大学计算机科学与技术学院
2. 421001,湖南衡阳,南华大学数理学院 |
| |
| 基金项目: | 本项工作得到湖南省教委优秀青年项目资助(04B056) |
| |
| 摘 要: | 在分析网络安全策略冲突研究现状的基础上,针对策略冲突分类不完善及现在安全策略冲突检测方法的不足,指出由于网络策略之间的规则依赖语义和规则相互作用,一个成功的网络安全系统配置需要全面分析所有网络安全设备的策略配置以避免策略冲突和矛盾.本文首先描述了过滤规则之间所有可能的关系,然后对基于过滤的网络安全策略中的冲突进行全面分类,接着通过实验指出即使是专家系统管理员,产生这种冲突的可能性也很高,并提出了内部和外部访问列表策略冲突的自动检测与恢复模型来识别和矫正这些冲突,最后讨论了今后研究的方向.
|
| 关 键 词: | 内部策略冲突 外部策略冲突 访问列表 |
| 文章编号: | 1008-0570(2007)07-3-0054-03 |
| 修稿时间: | 2007-05-032007-06-05 |
Conflicts Classification and its automatic detection and recovery in network security policies |
| |
| HU YIXIANG,LI XIANYI.Conflicts Classification and its automatic detection and recovery in network security policies[J].Control & Automation,2007,23(21):54-56,78. |
| |
| Authors: | HU YIXIANG LI XIANYI |
| |
| Abstract: | After the current state of network security policy is overviewed, the faultiness of policy conflicts classification and the shortcoming of previous methods on security policies confliction detection are analyzed, A successful deployment of a network security system requires global analysis of policy configurations of all network security devices in order to avoid policy conflict and inconsistency due to rule dependency semantics and the interaction between policies in the network. In this paper, we first describe all the relations between filtering rules, and then present a comprehensive classification of the conflicts in filtering-based network security policy. Second, we also show the high probability of creating such conflicts even by expert system administrators and network practitioners, present an automatic detection and recovery model of intra-policy and inter-policy access list conflicts to identify and remedy these conflicts. Finally, we discuss future research directions. |
| |
| Keywords: | intra-policy conflicts inter-policy conflicts access list |
| 本文献已被 维普 万方数据 等数据库收录! |
|
