Test tool for equivalence of access control list

Hirokazu Sayama, N. Yoshiura
Published in: 2012 14th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2012-11-26. DOI: 10.1109/APNOMS.2012.6356103 (https://doi.org/10.1109/APNOMS.2012.6356103)
Citations: 1

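Abstract

Computer network security is one of the important issues of the Internet age. Network administrators of organizations such as companies or universities filter IP packets at network equipment, such as a Layer 3 switch or firewall, between their organizations and the Internet to keep their computer networks secure. One way of expressing IP packet filtering rules is the access control list. Access control lists are lists of rules that describe the permission or denial of packet transit based on source IP address, destination IP address, port numbers and so on. Access control lists are not always fixed; network administrators change them as the network topology or network security policy changes. After several changes, an access control list may include redundancies, and network administrators have to modify it to remove them. This modification must preserve the semantics of the access control list. After the modification, the network administrators must confirm that the semantics of the access control list has not changed. One method of checking the equivalence of two access control lists is to send test IP packets to the network equipment that filters IP packets and to check the transit of those packets. This paper proposes a method of generating test packets to confirm the equivalence of two access control lists.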