| 一种针对规则冲突的规则集语义比较算法 |
| |
| 引用本文: | 李林,卢显良,徐海湄,李泽平,李梁.一种针对规则冲突的规则集语义比较算法[J].中国海洋大学学报(自然科学版),2008(Z1). |
| |
| 作者姓名: | 李林 卢显良 徐海湄 李泽平 李梁 |
| |
| 作者单位: | 电子科技大学计算机科学与工程学院 |
| |
| 基金项目: | 信息产业部生产发展基金(2004)资助 |
| |
| 摘 要: | 应用DFD(Diverse Firewall Design)方法进行防火墙规则集设计时,需使用规则集语义比较算法,判断多个规则集是否语义一致。规则冲突是导致规则集语义不一致的主要原因。因此,需要研究针对规则冲突的规则集语义比较算法。而现有算法时空复杂度较高,性能低下。文中提出了1种基于关键数据包选取映射的规则集语义比较算法(KPCM)。KPCM算法针对规则冲突选取关键数据包,并通过比较这些数据包在不同规则集中的处理动作,判断这些规则集是否语义一致。理论分析和测试表明,KPCM算法时空性能均优于现有算法。
|
| 关 键 词: | 规则冲突 规则集语义比较 关键数据包 防火墙 规则集正确性 |
A Rule Sets Semantic Comparing Algorithm for Rule Conflicts |
| |
| LI Lin,LU Xian-Liang,XU Hai-Mei,LI Ze-Ping,Li Liang.A Rule Sets Semantic Comparing Algorithm for Rule Conflicts[J].Periodical of Ocean University of China,2008(Z1). |
| |
| Authors: | LI Lin LU Xian-Liang XU Hai-Mei LI Ze-Ping Li Liang |
| |
| Institution: | LI Lin,LU Xian-Liang,XU Hai-Mei,LI Ze-Ping,Li Liang(The College of Computer Science of UESTC of China,Chengdu 610054,China) |
| |
| Abstract: | When Diverse Firewall Design(DFD) is employed to design a firewall rule set,multiple teams,who get the same requirement specification of the firewall rule set,independently configure different versions of the rule set.And then rule sets semantic comparing algorithms can be employed to decide whether multiple rule sets are consistent or not.With the increasing of the number of rules,there are more and more conflicting rule pairs in many rule sets.And these pairs usually lead to the inconsistency of rule sets... |
| |
| Keywords: | rule conflicts rule sets semantic comparing key packets firewall rule sets correctness |
| 本文献已被 CNKI 维普 等数据库收录! |
|
