Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Year of publication: 2011
Volume: 11
Issue: 3
Pages: 15-20
Publisher: International Journal of Computer Science and Network Security
Abstract: Policy deployment is the process by which policy editing commands are issued on a firewall, so that the target policy becomes the running policy. Due to the sensitive nature of information transmitted during a policy deployment, the communication between the management tool and the firewall should be confidential [1]. Much research has already addressed the specification of policies, conflict detection and optimization, but very little research is devoted to the security and correctness of firewall policy deployment. In this paper, we make some contributions to the correctness of Firewall Policy Deployment and propose an effective solution that will allow us to secure the deployment process of a political target. We show that the category of type I policy editing [2] is incorrect and could lead to security vulnerabilities. We then provide a correct algorithm for Type I Deployment. Our algorithm can be used even for the deployment of policies whose size is very large.
Keywords: Target Policy Deployment (TPD); Firewall Policy Management (FPM); Securing Exchanges (SE); Security of Policy Deployment (SPD)