Research And Implementation Of Semantic Compatibility Of Network Access Control Fast Analyze Technology

Network access control sentences are commonly deployed in firewalls,routers,intrusion detection systems and other network security devices,and semantics of access control determines the behaviors of network security devices.The Semantic overlaps between network access control sentences are referred to herein as the "semantic compatibility",which may reduce the efficiency of the sentences and even conflict with one another,thus leading to serious consequences like leaks of sensitive information and obstruction to lawful access.Currently,the analytical technologies for semantics of access control are obsessed by low efficiency.Therefore,it is necessary to study the fast analytical technologies for semantics of access control.Main works can be summarized as follows:1.Elaborating the background and significance of analytical technologies for semantics of access control,analyzing and summarizing previous researches,pointing out that the current technologies,deeply caught by syntactic parsing,is of a low efficiency;2.Proposing the resolution for semantic compatibility analysis based on reasoning,i.e.,generating inference rules automatically.Then reason and analyze semantic compatibility of access control based on the inference rules.Details are specified as follows:(1)Defining the basic activities of reading words,combining sentences and ontology reason that constitute the fast analysis for semantic compatibility of network access control,and then defining the basic behaviors of reading words,combining sentences and ontology reason;(2)Constructing the behaviors of the fast analysis for semantic compatibility of access control,and proving its logic feasibility;(3)Based on the above work,establishing a pushdown automaton for the fast analysis for semantic compatibility of access control,proving its reachability of the fast analysis process,and exporting the computing mechanism from it.3.In accordance with the computing mechanism,designing the algorithm of fast analytical framework and the algorithms of INFRUGE and ONRE;based on the technologies of Lex&Yacc,introducing the technologies of representing and reasoning the semantic ontology,both of which,with their framework software,constitute the fast analyzing system for semantic compatibility of access control.4.In the Linux system,running the fast analyzing system,and comparing the ONRE algorithm with the SemanticCompare algorithm by constructing three configuration groups ranging from 10000 to 100000 access control sentences respectively as the experimental data.Experimental results show that,compared with the SemanticCompare algorithm,the ONRE algorithm saves 7870 seconds in terms of 100000 sentences,namely,it effectively improves the efficiency of the fast analyzing system for semantic compatibility of access control.