###
DOI:
Journal of Software:2007.18(4):978-986

访问控制列表的优化问题
曾旷怡,杨家海
(清华大学,信息网络工程研究中心,北京,100084)
Towards the Optimization of Access Control List
ZENG Kuang-Yi,YANG Jia-Hai
()
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 3072   Download 3138
Received:September 26, 2005    Revised:April 03, 2006
> 中文摘要: 访问控制列表(access control list,简称ACL)是解决和提高网络安全性的方法之一,但访问控制列表应用在网络设备的接口上将降低网络设备的性能.当ACL条目达到一定数量后,很难进行人工处理,根据一定算法进行ACL自动优化显得尤为重要.在深入研究ACL优化问题的基础上,考虑到一条语句与多条语句之间或多条语句与多条语句之间的交叉覆盖或包含关系,对ACL的全局优化问题进行了形式化描述,得出了3个有用的推论,并提出了一种ACL的近似优化算法.通过模拟实验表明,性能优于同类商业产品.该算法可以作为AC
Abstract:Access control list (ACL) is proposed to solve or improve the network security problem. It is widely deployed in network devices such as routers, switches and firewall appliances, to filter the packets. However, the performance of the network device will be degraded when access control lists are applied in data forwarding interfaces of the device. The optimization of the ACL can greatly improve the performance of the devices in packets forwarding. The paper studies the optimization problem of ACL, outlines the overlapping or containing relationships between single clause and multiple clauses or among multiple clauses, proposes a formula representation of the problem based on the studies, and draws three important conclusions. Based on these conclusions, an approximate optimization algorithm is designed and implemented. Simulation experiments show better performance than the similar commercial products, implying that the research not only provides theoretical references, but also has important practical application.
文章编号:     中图分类号:    文献标志码:
基金项目:Supported by the National Natural Science Foundation of China under Grant No.60473083(国家自然科学基金);the National High-Tech Research and Development Plan of China under Grant Nos.2003AA103110,2005AA103110-2(国家高技术研究发展计划(863)) Supported by the National Natural Science Foundation of China under Grant No.60473083(国家自然科学基金);the National High-Tech Research and Development Plan of China under Grant Nos.2003AA103110,2005AA103110-2(国家高技术研究发展计划(863))
Foundation items:
Reference text:

曾旷怡,杨家海.访问控制列表的优化问题.软件学报,2007,18(4):978-986

ZENG Kuang-Yi,YANG Jia-Hai.Towards the Optimization of Access Control List.Journal of Software,2007,18(4):978-986