Abstract:

To deliver policies to all clients in distributed firewalls, a role-based access control policy model is proposed. The policy server creates a global policy and a rule restricted policy, deduces role policy, and divides it into user-role policies. All clients in the same role set own the same security level and access rights. Complexity due to making policy individually for each client is reduced. Rules can be retrieved with high speed, and the time complexity is O(1) using a hash algorithm. Test results show that the flow produced by interactive communication on the network traffic can be ignored by applying this model.

Key words:

distributed firewall, global policy, role restricted policy, role policy, user role policy