Compressing Network Access Control Lists

Liu Alex X.; Torng Eric; Meiners Chad R.

首页> 外文期刊>Parallel and Distributed Systems, IEEE Transactions on >Compressing Network Access Control Lists

【24h】

Compressing Network Access Control Lists

机译：压缩网络访问控制列表

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

An access control list (ACL) provides security for a private network by controlling the flow of incoming and outgoing packets. Specifically, a network policy is created in the form of a sequence of (possibly conflicting) rules. Each packet is compared against this ACL, and the first rule that the packet matches defines the decision for that packet. The size of ACLs has been increasing rapidly due to the explosive growth of Internet-based applications and malicious attacks. This increase in size degrades network performance and increases management complexity. In this paper, we propose ACL Compressor, a framework that can significantly reduce the number of rules in an access control list while maintaining the same semantics. We make three major contributions. First, we propose an optimal solution using dynamic programming techniques for compressing one-dimensional range-based access control lists. Second, we present a systematic approach for compressing multidimensional access control lists. Last, we conducted extensive experiments to evaluate ACL Compressor. In terms of effectiveness, ACL Compressor achieves an average compression ratio of 50.22 percent on real-life rule sets. In terms of efficiency, ACL runs in seconds, even for large ACLs with thousands of rules.

机译：访问控制列表（ACL）通过控制传入和传出数据包的流来为专用网络提供安全性。具体而言，以一系列（可能是冲突的）规则的形式创建网络策略。将每个数据包与此ACL进行比较，该数据包匹配的第一个规则定义了该数据包的决策。由于基于Internet的应用程序的爆炸性增长和恶意攻击，ACL的大小一直在迅速增加。大小增加会降低网络性能并增加管理复杂性。在本文中，我们提出了ACL Compressor，该框架可以在保持相同语义的同时显着减少访问控制列表中的规则数量。我们做出三大贡献。首先，我们提出了一种使用动态编程技术压缩一维基于范围的访问控制列表的最佳解决方案。其次，我们提出了一种用于压缩多维访问控制列表的系统方法。最后，我们进行了广泛的实验以评估ACL Compressor。在有效性方面，ACL Compressor在实际规则集上的平均压缩率为50.22％。就效率而言，即使对于具有数千个规则的大型ACL，ACL仍可在几秒钟内运行。

著录项

来源
《Parallel and Distributed Systems, IEEE Transactions on》 |2011年第12期|p.1969-1977|共9页
作者
Liu Alex X.; Torng Eric; Meiners Chad R.;
展开▼
作者单位

Michigan State University, East Lansing;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Access control list; algorithm.; firewall; packet classification;

机译：访问控制列表;算法;防火墙;数据包分类;

相似文献

外文文献
中文文献
专利

1. Secure access of resources in software-defined networks using dynamic access control list [J] . Ramprasath J., Seethalakshmi V International journal of communication systems . 2021,第1期

机译：使用动态访问控制列表安全地访问软件定义网络中的资源
2. A Difference Resolution Approach to Compressing Access Control Lists [J] . Daly James, Liu Alex X., Torng Eric Networking, IEEE/ACM Transactions on . 2016,第1期

机译：差异解决方案压缩访问控制列表
3. ROCA: Auto-resolving overlapping and conflicts in Access Control List policies for Software Defined Networking [J] . Bin Asif Awais, Imran Muhammad, Shah Nadir, International journal of communication systems . 2021,第9期

机译：ROCA：自动解析访问控制列表中的重叠和冲突软件定义网络的策略
4. A difference resolution approach to compressing Access Control Lists [C] . Daly James, Liu Alex X., Torng Eric IEEE INFOCOM . 2013

机译：差异解决方案压缩访问控制列表
5. A specification for an extensible access control Web service featuring access control lists and role-based access control models. [D] . Garcia, Andres. 2004

机译：具有访问控制列表和基于角色的访问控制模型的可扩展访问控制Web服务的规范。
6. Study protocol for ‘The Project About Loneliness and Social networks (PALS)’: a pragmatic randomised trial comparing a facilitated social network intervention (Genie) with a wait-list control for lonely and socially isolated people [O] . Rebecca Band, Sean Ewings, Tara Cheetham-Blake, 2019

机译：关于孤独与社交网络（PALS）的项目的研究方案：一项实用的随机试验比较了便利的社交网络干预（Genie）和孤独和社交孤立人群的等待清单控制
7. Compressing Network Access Control Lists [O] . Alex X. Liu, Eric Torng, Chad R. Meiners 2012

机译：压缩网络访问控制列表

Compressing Network Access Control Lists

摘要

著录项

相似文献

相关主题

期刊订阅