
Computer Engineering (计算机工程) ›› 2007, Vol. 33 ›› Issue (12): 185-187. doi: 10.3969/j.issn.1000-3428.2007.12.065

• Security Technology •


Research on Formal Modeling Technology of IPSec Security Policy

HUANG Jun, HAN Lingli   

  1. (Department of Computer Science, China Jiliang University, Hangzhou 310018)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-06-20 Published:2007-06-20

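Abstract (Chinese-language version): Configuring IPSec security policy is a complex and error-prone task. To address this problem, a general framework model is proposed that uses ordered binary decision diagrams (OBDD) to provide comprehensive identification and classification of IPSec security policy conflicts. Based on this framework model, a set of techniques is developed for discovering conflicts within a policy during general IPSec policy configuration. Experimental tests demonstrate the effectiveness of the framework model and the techniques in discovering and resolving policy conflicts.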


Abstract: IPSec policy configuration remains a complex and error-prone task. A generic model that captures various filtering policy semantics using Boolean expressions is presented. This model is used to derive a canonical representation for IPSec policies using ordered binary decision diagrams. Based on this representation, a comprehensive framework is developed to classify and identify conflicts that could exist in a single IPSec device (intra-policy conflicts) in enterprise networks. The testing and evaluation study on different network environments demonstrates the effectiveness and efficiency of the approach.

Key words: Network security, IPSec, Security policy, Firewall, Formal model, OBDD
