
Towards the Optimization of Access Control List

Cited by: 11
Abstract: Access control lists (ACLs) are one of the methods used to address and improve network security. They are widely deployed in network devices such as routers, switches and firewall appliances to filter packets. However, applying ACLs to the data-forwarding interfaces of a network device degrades the device's performance. Once the number of ACL entries reaches a certain size, manual handling becomes very difficult, so automatic ACL optimization driven by an algorithm becomes especially important; optimizing the ACL can greatly improve the device's packet-forwarding performance. This paper studies the ACL optimization problem in depth, considers the overlapping or containing relationships between a single clause and multiple clauses or among multiple clauses, gives a formal description of the global ACL optimization problem, and draws three useful corollaries. Based on these, an approximate ACL optimization algorithm is designed and implemented. Simulation experiments show better performance than similar commercial products. The algorithm can serve as a reference for research on ACL optimization and, with further study, could lead to related products.
Source: Journal of Software (《软件学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2007, No. 4, pp. 978-986 (9 pages)
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60473083 and the National High-Tech Research and Development Plan of China (863 Program) under Grant Nos. 2003AA103110 and 2005AA103110-2
Keywords: network management; network security; access control list; packet filter; optimization

