| 针对规则更新操作的测试数据包选取算法* |
| |
| 引用本文: | 李林,卢显良,聂晓文,徐海湄,蒲汛,彭永祥. 针对规则更新操作的测试数据包选取算法*[J]. 计算机应用研究, 2009, 26(5): 1919-1921 |
| |
| 作者姓名: | 李林 卢显良 聂晓文 徐海湄 蒲汛 彭永祥 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,成都,610054 |
| |
| 基金项目: | 国家信息产业部生产发展基金资助项目 |
| |
| 摘 要: | 防火墙规则集中存在的配置错误主要来源于规则的添加、删除等更新操作。因此进行规则更新时,需要使用测试算法判断更新操作的正确性。现有的测试算法仅从被添加或被删除规则的顶点选取测试数据包,不能检测出所有因规则冲突而导致的配置错误。基于此,提出了一种针对规则更新操作的测试数据包选取算法PCRU。该算法从两处选取测试数据包,即被添加或者被删除的规则的顶点和规则冲突区域。理论分析和仿真实验表明,与现有测试算法相比,在进行规则更新时,PCRU算法只需使用少量的测试数据包,即可检测出所有因规则冲突而导致的配置错误。
|
| 关 键 词: | 规则冲突;规则更新操作;测试数据包;防火墙;正确性 |
Test packet-choosing algorithm for rules updating |
| |
| LI Lin,LU Xian-liang,NIE Xiao-wen,XU Hai-mei,PU Xun,PENG Yong-xiang. Test packet-choosing algorithm for rules updating[J]. Application Research of Computers, 2009, 26(5): 1919-1921 |
| |
| Authors: | LI Lin LU Xian-liang NIE Xiao-wen XU Hai-mei PU Xun PENG Yong-xiang |
| |
| Affiliation: | (School of Computer Science & Engineering,University of Electronic Science & Technology of China, Chengdu 610054, China) |
| |
| Abstract: | The deployment errors in firewall rule sets mainly come from rules updating. And hence test algorithms should be employed to verify the correctness of updating when rules are added or deleted. Current test algorithms only choose test packets from apexes of added or deleted rules, which cannot detect deployment errors caused by rule conflicts. This paper proposed a test packet-choosing algorithm for rules updating, which was named packet choosing rule updating (PCRU).PCRU chose test packets from the apexes of rules and from conflicting areas. The results of simulations show that PCRU can detect the deployment errors caused by rule conflicts when rule updating at the cost of a small number of test packets. |
| |
| Keywords: | rule conflicts rule updating test packets firewall correctness |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
