
Article information

  • Title: Management and Verification of Firewall and Router Access Lists
  • Other title: Management and Verification of Firewall and Router Access Lists
  • Authors: Hassan, Ahmed AbdAllah; Hudec, Ladislav
  • Journal: COMPUTING AND INFORMATICS
  • Print ISSN: 1335-9150
  • Year of publication: 2004
  • Volume: 23
  • Issue: 1
  • Pages: 77-100
  • Language: English
  • Publisher: COMPUTING AND INFORMATICS
  • Abstract: Security in computer networks is a very complex task, especially if it is required to separate a corporate network from the public Internet or to divide a company's intranet into multiple zones with different security requirements. The network security policy that describes these security requirements is primarily presented in a high-level form. Also, the security policy is enforced using some low-level security mechanisms, mainly firewall technology. One of the main difficulties faced by the network administrator is how to translate the high-level policy description to the low-level firewall rule-base. This paper presents the Role-Based Network Security (RBNS) model, which can be used as an intermediary level between the high-level policy form and the low-level firewall rule-base. We use the Role-Based Access Control (RBAC) model as a framework for our proposed RBNS model. The main concept of the RBNS model is that network services are assigned to roles and hosts are made members of appropriate roles, thereby acquiring the roles' network services. Also, the paper presents a compilation algorithm that can be used to automatically generate the low-level firewall rule-base from the RBNS intermediary level. The paper presents a proposed verification algorithm to prove that the high-level policy and the translated low-level firewall rule-base are equivalent. Based on the RBNS model, we design and implement a firewall management toolkit. The paper demonstrates in brief the toolkit's capabilities through an example, thus showing that using this model separates the high-level security policy from the underlying enforcement mechanism. This separation offers easier management and debugging of the low-level firewall rule-base at an appropriate level of abstraction.
  • Keywords: Network security; security modeling; security policy; firewall management; packet filtering; router access lists