Comparison model and algorithm for distributed firewall policy

  • Authors:
  • Weiping Wang;Wenhui Chen;Zhepeng Li;Huaping Chen

  • Affiliations:
  • School of Management, University of Science & Technology of China, China;School of Management, University of Science & Technology of China, China;School of Management, University of Science & Technology of China, China;School of Management, University of Science & Technology of China, China

  • Venue:
  • ICIC'06 Proceedings of the 2006 international conference on Intelligent computing: Part II
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

As a traditional technique of information security, distributed firewall has taken very important position, while problems remain. Correct configuration of distributed firewall policies and keeping individual firewall filter decisions compatible to each other are quite inconvenient for administrators. To realize the comparison between firewalls' policies, this paper provide FPT(firewall policy tree) model, and the construction algorithm which can turn a firewall policy into a policy tree, as well as the comparison algorithm. Combination of the two algorithms can be used to perform a comparison between distributed firewalls' policies. By doing this, the paper can obtain the set of data packages on which different firewalls have made inconsistent filter decision, and find out the inconsistency in distributed firewall policies. Besides, this model could be extended to package classification systems for policies comparison.