Distributed Firewall Policy Irregular Discovery Technology Research

Posted on: 2008-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: S T Gao
GTID: 2208360245979009
Subject: Computer application technology
Abstract/Summary:
A distributed firewall uses an architecture in which a control center establishes the security policy and many node firewalls carry it out. It can better resolve the drawback of ever-inflating boundary firewall security policies and the security problems of the intranet. Policy management for a distributed firewall is quite complex. In large-scale industry networks, multi-level, inheritance-based administration methods are usually selected. Because firewall managers at every level can add filter rules to the firewall policy stores, and these rules are then issued to all nodes and implemented, conflicts between rules easily arise both within a single firewall and among firewalls; in other words, policy anomalies. In this paper, the causes of policy anomalies in distributed firewalls are analysed. Normative definitions are provided for all kinds of policy anomalies in distributed firewalls. A policy model based on PN is designed. To address the various policy anomalies of the distributed firewall, we present a set of PN-based algorithms to find irreversibility, unboundedness, and unreachability. As soon as there is any change in the policy stores, our algorithms start automatically to search for policy anomalies and distinguish their type. If there is an anomaly in the policy stores, they can call maintenance methods such as modifying or deleting rules in the policy stores so that all kinds of policy anomalies are eliminated. Finally, we implemented our algorithms in simulation and analysed their general properties.
Keywords/Search Tags:distributional firewall, policy management, abnormity finding, PN, filter rule, network security