Comparison Model and Algorithm for Distributed Firewall Policy

  • Weiping Wang
  • Wenhui Chen
  • Zhepeng Li
  • Huaping Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4114)

Abstract

As a traditional information security technique, the distributed firewall holds a very important position, yet problems remain. Configuring distributed firewall policies correctly and keeping the filter decisions of individual firewalls compatible with each other are quite inconvenient for administrators. To enable comparison between firewalls' policies, this paper provides the FPT (firewall policy tree) model, a construction algorithm that turns a firewall policy into a policy tree, and a comparison algorithm. Together, the two algorithms can be used to compare the policies of distributed firewalls. Doing so yields the set of data packets on which different firewalls make inconsistent filter decisions, and thereby reveals the inconsistencies in distributed firewall policies. In addition, the model could be extended to packet classification systems for policy comparison.

Keywords

Leaf Node; Policy Tree; Security Policy; Intrusion Detection System; Construction Algorithm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Weiping Wang (1)
  • Wenhui Chen (1)
  • Zhepeng Li (1)
  • Huaping Chen (1)

  1. School of Management, University of Science & Technology of China, 230026, China
