期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于逻辑编程的防火墙规则形式化分析方法

Logic Programming Based Formal Analysis Method of Firewall Rules
在线阅读 下载PDF
导出
摘要 防火墙作为网络安全体系的基础和核心控制设备,其作用的发挥取决于防火墙规则的正确配置。由于防火墙规则配置的复杂性,导致规则间可能存在冲突,使其不能满足安全目标。文章提出一种基于逻辑编程的防火墙规则形式化分析方法,将安全目标与防火墙规则转换为逻辑程序后加载到推理引擎,制订一系列推理规则,通过提出高级查询进行防火墙规则的冲突检测和正确性验证,并对分析结果进行解释。 Firewall is the basal and principal equipment of network security architecture, its function lying on the correctness of firewall rules. Firewall rules are so complex that they may not consistent with each other. In this paper, a logic programming based formal analysis method to confirm anoma- ly detection and property checking are proposed. Firewall rules and security requirement into logic programs are translated, then import into reasoning engine and performing analysis through submit- ting queries. All of the results are explained.
作者 李鼎 鲁柯 周保群 赵彬
机构地区 信息工程大学电子技术学院 河南预备役
出处 《信息工程大学学报》 2009年第2期195-199,共5页 Journal of Information Engineering University
基金 军队科研基金资助项目
关键词 防火墙规则 逻辑编程 冲突检测 firewall rules logic programming anomaly detection
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献5

  • 1韩智文,朱培栋,龚正虎.策略冲突的检测和解决方法研究[J].计算机工程与科学,2006,28(5):18-22. 被引量:5
  • 2Uribe T E,Cheung S. Automatic Analysis of Firewall and Network Intrusion Detection System Configurations [ J ]. Journal of Compnter security,2004,15 (6) :691 - 715.
  • 3Al-Shaer E S, Hamed H H. Firewall Policy Advisor for Anomaly Doscovery and Rule Editing [ C ]//Proceedings of 8th IFIP/IEEE International Symposium on Integrated Network Management. Colarado Springs. 2003 : 17 - 30.
  • 4FU Z,Wu S F,Huang H,et al. IPSec/VPN Security Policy : Correctness, Conflict Detection, and Resolution [ C ]// IEEE Policy 2001. LNCS 1995,2001:39 -56.
  • 5Marmorstein, Robert, Phil Kearns. A tool for automated iptables firewall analysis [ C ]//Freenix Track, 2005 USENIX Annual Technical Conference. 2005:71 - 82.

二级参考文献13

  • 1J D Moffett,M S Sloman.Policy Conflict Analysis in Distributed System Management[J].Ablex Publishing Journal of Organizational Computing,1994,4(1):1-22.
  • 2Z Fu,S F Wu.Automatic Generation of IPSec/VPN Security Policies in an Intra-Domain Environment[A].Distributed System Operation and Management Workshop(DSOM 2001)[C].2001.
  • 3J D Moffett,M S Sloman.Policy Hierarchies for Distributed Systems Management[J].IEEE Journal on Selected Areas in Communication,1993,11(9):1404-1414.
  • 4J D Moffett.Requirements and Policies[A].Position Paper for Policy Workshop 1999[C].1999.
  • 5M Koch,L V Mancini,F P Presicce.A Formal Model for Role-Based Access Control Using Rraph Transformation[A].Proc of the 6th European Symp on Research in Computer Security (ESORICS 2000).LNCS 1895[C].2000.122-139.
  • 6M Koch,L V Mancini,F P Presicce.On the Specification and Evolution of Access Control Policies[A].Proc 6th ACM Symp on Access Control Models and Technologies[C].2001.121-130.
  • 7M Koch,L V Mancini,F P Presicce.Conflict Detection and Resolution in Access Control Policy Specifications[A].Proc FoSSaCS 2002.LNCS 2303[C].2002.223-237.
  • 8L Cholvy,F Cuppens.Analyzing Consistency of Security Policies[A].IEEE Symp on Security and Privacy[C].1997.
  • 9J B Michael,E H Sibley,R Baum,et al.On the Axiomatization of Security Policy:Some Tentative Observations About Logic Representation[A].Database Security,VI:Status and Prospects[M].1992.
  • 10J B Michael.A Formal Process for Testing the Consistency of Composed Security Policies:[Ph D Dissertation][D].Department of Information and Software Systems Engineering,George Mason University,1993.

共引文献4

信息工程大学学报
2009年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部