| 基于元组空间搜索的规则集冲突检测算法 |
| |
| 引用本文: | 李林,卢显良.基于元组空间搜索的规则集冲突检测算法[J].北京邮电大学学报,2006,29(5):111-114. |
| |
| 作者姓名: | 李林 卢显良 |
| |
| 作者单位: | 电子科技大学,计算机学院,成都,610054;电子科技大学,计算机学院,成都,610054 |
| |
| 摘 要: | 当添加防火墙规则时,新规则可能会与已有规则发生冲突,造成潜在的安全漏洞。要避免此漏洞产生,管理员必须正确地确定新规则插入的位置,找出与新规则相冲突的所有规则。目前冲突检测算法时间复杂度为O(dN),效率低下,为此提出了一种基于元组空间搜索的规则集冲突检测算法。该算法不仅能找出与新规则相冲突的所有规则,且时间复杂度降为O(㏒N+N/w),可有效帮助管理员正确确定新规则插入位置,避免了漏洞的产生。
|
| 关 键 词: | 规则冲突 元组空间搜索 安全漏洞 |
| 文章编号: | 1007-5321(2006)05-0111-04 |
| 收稿时间: | 2005-10-08 |
| 修稿时间: | 2005年10月8日 |
A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search |
| |
| LI Lin,LU Xian-liang.A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search[J].Journal of Beijing University of Posts and Telecommunications,2006,29(5):111-114. |
| |
| Authors: | LI Lin LU Xian-liang |
| |
| Affiliation: | Department of Computer Science, university of electronic science and technology, Chengdu 610054, China |
| |
| Abstract: | Adding a new firewall rule often conflicts with the existed ones,which leads to security vulnerabilities.In order to avoid such vulnerabilities,firewall administrators have to determine an appropriate position in the firewall rule set to be inserted,and identify all the rules conflicting with the new rule in advance.The time complexity of the current conflicts detection algorithm for firewall rule set is O(dN),which makes its performance very poor.A new algorithm for detecting firewall rule set conflicts based on tuple space search is presented not only to find all the rules conflicting with the new rule,but also reduce the time complexity as O(lgN+N/w).So it can efficiently help administrators determine an appropriate insertion position of the new rule to avoid vulnerabilities. |
| |
| Keywords: | rule conflicts tuple space search security holes |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
