Journal of Beijing University of Posts and Telecommunications

  • EI core journal

2006, Vol. 29, Issue (5): 111-114. doi: 10.13190/jbupt.200605.111.lil

• Research Report

A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search

LI Lin, LU Xian-liang

  1. Department of Computer Science, University of Electronic Science and Technology, Chengdu 610054, China
  • Received: 2005-10-08 Revised: 1900-01-01 Online: 2006-10-30 Published: 2006-10-30
  • Contact: LI Lin

Abstract:

When a firewall rule is added, the new rule may conflict with existing rules and create a potential security vulnerability. To avoid this, the administrator must correctly determine the position at which the new rule is inserted and identify all the rules that conflict with it. The time complexity of the current conflict detection algorithm for firewall rule sets is O(dN), which is inefficient. This paper presents a rule set conflict detection algorithm based on tuple space search. The algorithm finds all the rules that conflict with the new rule and reduces the time complexity to O(log N + N/w), so it can effectively help administrators determine an appropriate insertion position for the new rule and avoid vulnerabilities.

Key words: rule conflicts, tuple space search, security holes

CLC number: