摘要
IPSec为网络安全提供了丰富的安全保护模式和操作,但其策略配置是非常复杂和易出错的一项工作。采用安全策略形式化模型和有序两元判定图表(OBDD)方法对在企业网络中不同IPSec设备间的策略间冲突进行分类和分析,开发了一组在IPSec策略配置过程中发现策略间冲突问题的技术。并通过开发的安全策略测试工具软件包的运行分析证明了该方法模型在发现和解决不同IPSec设备间的策略间冲突问题的有效性。
Although IPSec supports a rich set of protection modes and operations, its policy configuration remains a complex and errorprone task. Based on formal modeling technology and ordered binary decision diagrams, a comprehensive framework is developed to classify and identify conflicts that could exist between different IPSec devices (inter-policy conflicts) in enterprise networks, Testing and evaluating on study on different network environments demonstrates the effectiveness and efficiency of the approach.
出处
《计算机工程与设计》
CSCD
北大核心
2007年第13期3090-3092,共3页
Computer Engineering and Design
基金
浙江省06自然科学基金项目(Y109456)
