
Research And Implementation Of Semantic Anomaly Resolution Technology Of Access Control

Posted on: 2017-07-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Liu
GTID: 2428330488475442
Subject: Software engineering

Abstract/Summary:
Network access control configuration determines the behavior of network security devices. Within a single configuration, overlaps in access control semantics may lead to lower efficiency, and even to leaks of sensitive information and security vulnerabilities. To solve this problem, this thesis studies and implements techniques for resolving abnormal network access control semantics with respect to specific compatible types at specific positions. The work of the thesis can be summarized as follows:

1. Describing the background and significance of techniques for resolving abnormal network access control semantics, analyzing and summarizing previous research on these techniques at home and abroad, and pointing out the shortcomings of the existing techniques with regard to specific positions and specific compatible types.

2. Giving the research approach for resolving abnormal semantics. First, the accessing entities are decomposed into basic ones, layer by layer, in accordance with the target tree; then the entities are recombined according to the Cartesian product and new access control rules are created; last, complete conflicts and redundancy are identified. Details are as follows:

2.1 Structuring a system for resolving abnormal network access control semantics with reference to the theory of access control semantic compatibility and by introducing the target tree theory of network confrontation systems. First, activity definitions are given for its basic behaviors; then its composition of activities and its behavioral characteristics are analyzed, thus proving the logical reachability of resolving abnormal semantics.

2.2 Based on the activity construction of the system for resolving abnormal semantics, establishing a framework pushdown automaton for resolving abnormal semantics and proving the final reachability of the process of resolving abnormal semantics.

2.3 Designing the abnormal decomposition algorithm framework according to the final state of the process and, according to the two transfer functions in the automaton (entity decomposition and entity recombination), designing algorithms for entity decomposition and entity recombination and giving their complexity analysis.

3. Designing and implementing the prototype system for resolving abnormal semantics using a process-oriented approach to software development. Following the project scenarios, test cases are designed and the validity of the system is verified with two real configurations and one constructed data set. Using the three groups of experimental data, this algorithm (SNS) is compared with the FAME algorithm. Experimental results show that the SNS algorithm can generate new access control rules according to different entity compatible types through entity decomposition and entity recombination, and identify the access control rules that need to be removed in the end, thus allowing administrators to focus on controls consistent with their intentions and to resolve exceptions more accurately.
Keywords/Search Tags:access control, semantic anomaly, anomalies resolve, entity decompose, entity recombine