| 基于形式化技术的IPSec安全策略冲突发现研究 |
| |
| 引用本文: | 金民华,黄俊.基于形式化技术的IPSec安全策略冲突发现研究[J].计算机工程与设计,2007,28(15):3582-3584,3607. |
| |
| 作者姓名: | 金民华 黄俊 |
| |
| 作者单位: | 浙江大学计算机学院 浙江杭州310027(金民华),中国计量学院计算机系 浙江杭州310018(黄俊) |
| |
| 摘 要: | 基于安全策略形式化技术,提出了通过有序两元判定图表(OBDD)提供全面IPSec安全策略冲突的识别和分类的通用架构模型.基于这架构模型,研究了在通用IPSec策略配置过程中发现策略内部的冲突问题的技术.实验测试证明了该架构模型和技术在发现和解决策略冲突问题的有效性.
|
| 关 键 词: | 网络安全 安全策略 防火墙 内部策略冲突 形式化模型 有序两元判定图表 形式化技术 IPSec 安全策略 策略冲突 发现研究 modeling technology formal based conflict 有效性 实验测试 问题 发现策略 配置过程 架构模型 分类 识别 OBDD 有序 |
| 文章编号: | 1000-7024(2007)15-3582-03 |
| 修稿时间: | 2006-07-18 |
Research on IPSec inter-policy conflict discovering based on formal modeling technology |
| |
| JIN Min-hua,HUANG Jun.Research on IPSec inter-policy conflict discovering based on formal modeling technology[J].Computer Engineering and Design,2007,28(15):3582-3584,3607. |
| |
| Authors: | JIN Min-hua HUANG Jun |
| |
| Affiliation: | 1. College of Computer Science, Zhejiang University, Hangzhou 310027, China; 2. Department of Computer, China Jiliang University, Hangzhou 310018, China |
| |
| Abstract: | Based on formal modeling technology and ordered binary decision diagrams,a generic model that captures various filtering policy semantics using Boolean expressions is presented.The model is used to derive a canonical representation for IPSec policies using ordered binary decision diagrams.A comprehensive framework is developed to classify and identify conflicts that could exist in a single IPSec device(intra-policy conflicts) in enterprise networks.The test and evaluation study on different network environments demonstrates the effectiveness and efficiency of the approach. |
| |
| Keywords: | network security security policy firewall inter-policy conflict formal model OBDD |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
