| 防火墙策略冲突检测及冲突策略可视化 |
| |
| 引用本文: | 孙立琴,潘理.防火墙策略冲突检测及冲突策略可视化[J].信息安全与通信保密,2012(5):75-77,83. |
| |
| 作者姓名: | 孙立琴 潘理 |
| |
| 作者单位: | 上海交通大学电子信息与电气工程学院,上海200240/上海市信息安全综合管理技术研究重点实验室,上海200240 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 为了检测防火墙策略中的所有冲突,避免修改冲突时引入新冲突,文中采用对规则进行分割来检测冲突。其中,冲突检测包括3个部分:防火墙策略分割、对分割的结果进行分析和计算,以及冲突域提取。同时,为了对冲突规则以及产生冲突的原因进行分析,文中采用网格的可视化方法实现了对防火墙规则之间以及规则与冲突域之间的关系。采用这种技术能够提高管理员发现、分析和修改策略冲突的效率和准确性,并通过实验验证了该方法的有效性。
|
| 关 键 词: | 防火墙 可视化 冲突检测 |
Firewall Policy Conflict Detection and Conflict Rules Visualization |
| |
| SUN Li-qin,PAN Li.Firewall Policy Conflict Detection and Conflict Rules Visualization[J].China Information Security,2012(5):75-77,83. |
| |
| Authors: | SUN Li-qin PAN Li |
| |
| Affiliation: | 1.School of Electronic lnformation and Electric Engineering, Shanghai Jiaotong University, Shanghai200240, China; 2Key Laboratory of Information Security Management Technology, Shanghai 200240, China) |
| |
| Abstract: | In order to detect all conflicts existing in firewall policy and visualize the relationships between rules and the reasons that generate conflicts, the rule segmentation is adopted to detect conflicts, and grids visualization method to visualize the relationships between rules and the reasons that generates conflicts. Conflict detection contains three functional parts, including segmentation of firewall policy, analysis on the segmentation result and extraction of the conflict domain. Thus the administrator could clearly know the anomaly cause, enhance the understanding, inspect the firewall policies, and avoid the introduction of new conflicts while modifying existing conflicts. And the experiment indicates the feasibility and effectiveness of this method. |
| |
| Keywords: | firewall visualization conflict detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
