期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

防火墙策略冲突检测及冲突策略可视化 被引量:3

Firewall Policy Conflict Detection and Conflict Rules Visualization
原文传递
导出
摘要 为了检测防火墙策略中的所有冲突,避免修改冲突时引入新冲突,文中采用对规则进行分割来检测冲突。其中,冲突检测包括3个部分:防火墙策略分割、对分割的结果进行分析和计算,以及冲突域提取。同时,为了对冲突规则以及产生冲突的原因进行分析,文中采用网格的可视化方法实现了对防火墙规则之间以及规则与冲突域之间的关系。采用这种技术能够提高管理员发现、分析和修改策略冲突的效率和准确性,并通过实验验证了该方法的有效性。 In order to detect all conflicts existing in firewall policy and visualize the relationships between rules and the reasons that generate conflicts, the rule segmentation is adopted to detect conflicts, and grids visualization method to visualize the relationships between rules and the reasons that generates conflicts. Conflict detection contains three functional parts, including segmentation of firewall policy, analysis on the segmentation result and extraction of the conflict domain. Thus the administrator could clearly know the anomaly cause, enhance the understanding, inspect the firewall policies, and avoid the introduction of new conflicts while modifying existing conflicts. And the experiment indicates the feasibility and effectiveness of this method.
作者 孙立琴 潘理
机构地区 上海交通大学电子信息与电气工程学院 上海市信息安全综合管理技术研究重点实验室
出处 《信息安全与通信保密》 2012年第5期75-77,83,共4页 Information Security and Communications Privacy
基金 国家自然科学基金资助项目(批准号:60903191)
关键词 防火墙 可视化 冲突检测 firewall visualization conflict detection
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
作者简介 孙立琴,1987年生,女,硕士研究生,研究方向:防火墙策略冲突检测及可视化; 潘理,1974年生,男,副教授,博士生导师,研究方向:网络安全技术。
  • 相关文献

参考文献10

  • 1EHAB S AI-Shaer, HAZEM H Hamed. Design and Emplementation of Firewall Policy Advisor Tools[J]. IEEE lournals, 2005, 10(23): 2069-2084.
  • 2王宇,陆松年.Web应用防火墙的设计与实现[J].信息安全与通信保密,2011,9(5):104-106. 被引量:15
  • 3叶振新,杨树堂,马进.防火墙性能优化[J].信息安全与通信保密,2009,31(6):48-51. 被引量:4
  • 4RAO Prathima, GABRIEL Ghinita, ELISA Bertino. Visualization for Access Control Policy Analysis Results Using Multi-level Grids[J]. IEEE Transactions on Knowledge and Data Engineering, 2009(9) : 25-28.
  • 5TUNG Tran, EHAB A1-Shaer, RAOUF Boutaba. PolicyVis : Firewall Security Policy Visualization and Inspection[R]. Canada: [s.n.], 2007: 1-16.
  • 6ROBERT W Reeder, LUJO Bauer, LORRIE Faith Cranor. Expandable Grids for Visualizing and AuthoRing Computer Security Policies[J]. IEEE Transactions on Knowledge and Data Engineering, 2008(2): 1473-1482.
  • 7KAMI Vaniea, Ni Qun, LORRIE Cranor. Access Control Policy Analysis and Visualization Tools for Security Professionals[J]. IEEE Transactions on Software Engineering, 2009(1): 1-6.
  • 8苏剑飞,王景伟.网络攻击技术与网络安全探析[J].通信技术,2010,43(1):91-93. 被引量:31
  • 9SCOTT Hazelhurst, ANTON Fatti, HENWOOD Andrew. Binary Decision Diagram Representations of Firewall and Router Access Lists[J]. International Journal of Computer Science andApplications, 1998(1): 1-11.
  • 10John Whaley. JavaBDD[EB/OL]. (2007-10-29)[2011-12- 21]. http: //javabdd.sourceforge.net.

二级参考文献13

  • 1陈楠,薛质.SQL注入攻击的实现和防范[J].信息安全与通信保密,2005(1):48-50. 被引量:18
  • 2Gouda M G,Liu X Y A.Firewall Design:Consistency,Completeness and Compactness[C].Distributed Computing Systems,2004.Proceedings.24th International Conference on,2004:320-327.
  • 3Alshaer E S,Hamed H H.Firewall Policy Advisor for Anomaly Discovery and Rule Editing[C].Integrated Network Management,2003.IFIP/ IEEE Eighth International Symposium on,24-28 March 2003:17-30.
  • 4Acharya S,Wang Jia,Ge Zihui,et al.Simulation Study of Firewalls to Aid Improved Performance[C].Communications,2006 IEEE International Conference on,June 2006,Volume 5:2225-2230.
  • 5Golnabi K,Richard K M,Khan L,et al.Analysis of Firewall Policy Rules Using Data Mining Techniques[C].//Proc.of the 10th IEEE/IFIP Network Operations and Management Symposium.IS.1.] IEEE Press,2006.
  • 6Ikavaka D. How do Computer Hackers "Get Inside" a Computer[J]. Scientif American, 2005, 292(01): 104-105.
  • 7MUTHUPRASANNA M, WEI K, KOTHARI S. Eliminating SQL Injection Attacks-A Transparent Defense Mechanism[C]. IEEE. Symposium on Web Site Evolution (WSE'06). Philadelphia: [s.n.], 2006 : 22-32.
  • 8ABDUL R, ALI H. Multi-layered Defense against Web Application Attacks[C]//IEEE. Sixth International Conference on Information Technology. [s.l.]: IEEE, 2009: 492-497.
  • 9ZHANG Y, SREEDHAR V. Adaptive Rule Loading and Session Control for Securing Web-Delivered Services[C]//IEEE. Proceedings of the 2009 Congress on Services-I. Los Angeles, CA: IEEE, 2009: 645-652.
  • 10ASAAD M, EANAS M. Proposing a Hybrid-intelligent Framework to Secure E-government Web Applications[C]//ACM. Proceedings of the 2nd International Conference on Theory and Practice of Electronic Governance. Cairo: IEEE, 2008: 01-03.

共引文献47

同被引文献25

引证文献3

二级引证文献11

信息安全与通信保密
2012年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
关于我们 | 版权声明 | 联系我们 | 帮助中心| 意见反馈
主办单位:上海市教育委员会
技术支持:重庆维普资讯有限公司
渝公网安备 50019002500403号
使用帮助 返回顶部