Journal of Applied Sciences (应用科学学报)


An Access Control Policy Model for Distributed Firewalls

CHEN Bing, HU Ying, DING Qiu-lin (陈兵, 胡莹, 丁秋林)

  1. Institute of Information Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, Jiangsu, China
  • Received: 2007-12-15  Revised: 2008-01-08  Online: 2008-05-31  Published: 2008-05-31

Role-Based Policy Delivery Model for Distributed Firewall

CHEN Bing, HU Ying, DING Qiu-lin
  

  1. Institute of Information Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
  • Received: 2007-12-15  Revised: 2008-01-08  Online: 2008-05-31  Published: 2008-05-31

Abstract (translated from the Chinese): To solve the problem of delivering policies to clients in a distributed firewall, this paper draws on the idea of role-based access control and proposes an access control policy model suited to the distributed firewall environment. The policy server formulates a global policy and role restriction policies, derives role policies from them through set operations, and then partitions each role policy into user-level role policies. Clients with the same role have the same security level and access rights, which effectively reduces the complexity of formulating a specific policy for each of many clients; the time complexity of rule retrieval is O(1). Test results show that the network traffic generated by policy interaction has little impact on normal network traffic.

Keywords (translated from the Chinese): distributed firewall, global policy, role restriction policy, role policy, user-level role policy

Abstract:

To deliver policies to all clients in a distributed firewall, a role-based access control policy model is proposed. The policy server creates a global policy and a role restricted policy, deduces a role policy from them, and divides it into user-role policies. All clients in the same role set own the same security level and access rights, so the complexity of making a policy individually for each client is reduced. Rules can be retrieved at high speed, with O(1) time complexity using a hash algorithm. Test results show that the traffic produced by policy interaction has a negligible effect on normal network traffic when this model is applied.

Key words:

distributed firewall, global policy, role restricted policy, role policy, user role policy
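A minimal sketch of the policy derivation the abstract describes, added here as an illustration and not code from the paper: the set operation is assumed to be difference (global policy minus the role's restriction policy), and the rule encoding, class and method names, and sample rules are all constructed.

```python
from typing import Dict, Set, Tuple

# A rule is (protocol, destination port, action). This encoding is assumed;
# the paper does not specify its rule format.
Rule = Tuple[str, int, str]


class PolicyServer:
    """Derives role policies from a global policy and per-role restriction
    policies, then hands each client the policy of its role."""

    def __init__(self, global_policy: Set[Rule]) -> None:
        self.global_policy = global_policy
        self.role_restrictions: Dict[str, Set[Rule]] = {}
        self.user_roles: Dict[str, str] = {}

    def restrict_role(self, role: str, withheld: Set[Rule]) -> None:
        self.role_restrictions[role] = withheld

    def assign(self, user: str, role: str) -> None:
        self.user_roles[user] = role

    def role_policy(self, role: str) -> Set[Rule]:
        # Assumed set operation: the role receives the global policy minus
        # whatever its restriction policy withholds.
        return self.global_policy - self.role_restrictions.get(role, set())

    def user_policy(self, user: str) -> Set[Rule]:
        # Every client in the same role receives the same role policy.
        return self.role_policy(self.user_roles[user])

    def compile_for_client(self, user: str) -> Dict[Tuple[str, int], str]:
        # Hash table keyed by (protocol, port): average O(1) lookup per packet.
        return {(p, port): act for p, port, act in self.user_policy(user)}


def decide(table: Dict[Tuple[str, int], str], proto: str, port: int) -> str:
    # Default-deny for anything the client's table does not mention.
    return table.get((proto, port), "deny")


def build_demo_server() -> PolicyServer:
    # Constructed sample data, not from the paper.
    server = PolicyServer({("tcp", 22, "allow"), ("tcp", 80, "allow"),
                           ("tcp", 443, "allow"), ("udp", 53, "allow")})
    server.restrict_role("guest", {("tcp", 22, "allow")})  # guests: no SSH
    server.assign("alice", "admin")
    server.assign("bob", "guest")
    server.assign("carol", "guest")
    return server
```

Two clients assigned the same role compile to identical tables, which is the property the abstract relies on to avoid per-client policy authoring.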