Information Technology Reference
In-Depth Information
    ELSE
        N = getAdjVetxSet(u);  // get adjacent node set of u
        WHILE (n = GetFirstNode(N))
            IF (!visited[n]) THEN
                GetSimplePath(n, v, d);
            END IF
            n = GetNextNode(N);
        END WHILE
    ENDIF
END GetSimplePathSet
In this algorithm, we used an undirected graph to express the connection relations between nodes in the network topology, and an adjacency list to store the undirected graph. The time complexity of the algorithm is O(n + e), where n denotes the number of vertices in the undirected graph and e denotes the number of edges in the undirected graph.
When choosing an instance of another defense entity (such as an IDS, a system management server, etc.), we choose the defense entity nearest to the protected resource.
(3) According to the role, we can derive a set of users by looking into the role-user table. Then we can get the set A of nodes by looking into the node information table. According to the domain, we can derive a set B of nodes by looking into the domain-node table. Finally, we can get the set C of nodes by the operation of AB and get the corresponding IP addresses for these nodes by looking into the node information table. In the same way, according to the target, we can derive a set of resources by looking into the target-resource table. Then we can get the set A of nodes by looking into the node information table. According to the domain, we can derive a set B of nodes by looking into the domain-node table. Finally, we can get the set C of nodes by the operation of AB and get the corresponding IP addresses and port numbers for these nodes by looking into the node information table.
(4) According to the activity, we can derive a set of actions by looking into the activity-action table.
(5) We can get an operational-level policy for the firewall by composing the source IP address, the target IP address, the port number, the set of actions and the defense action.
(6) If more than two defense means exist in the list of defense means, we get the next defense means and repeat the operations of (3)~(6) until all the means have been processed. Then we get the means constraints and transform them into the relations of operational-level policies.
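
The table lookups of steps (3) to (5) for one defense means, as an added example that is not part of the original text. The table layouts, sample values and function names are assumptions, and the "operation of AB" is read here as set intersection, which the text does not state.

```python
from itertools import product

# Constructed sample tables (assumed layout; the text only names the tables).
ROLE_USER = {"auditor": {"alice", "bob"}}
TARGET_RESOURCE = {"finance_db": {"pgsql"}}
ACTIVITY_ACTION = {"query": {"tcp_connect"}}
DOMAIN_NODE = {"office": {"n1", "n3"}, "dmz": {"n2"}, "lab": {"n4"}}
NODE_INFO = {  # node -> IP address, users on the node, resource -> port
    "n1": {"ip": "10.0.1.11", "users": {"alice"}, "resources": {}},
    "n2": {"ip": "10.0.2.21", "users": set(), "resources": {"pgsql": 5432}},
    "n3": {"ip": "10.0.1.13", "users": {"carol"}, "resources": {}},
    "n4": {"ip": "10.0.3.41", "users": {"bob"}, "resources": {"pgsql": 5432}},
}

def source_ips(role, domain):
    """Step (3), source side: role -> users -> node set A, domain -> node set B."""
    users = ROLE_USER[role]
    a = {n for n, info in NODE_INFO.items() if info["users"] & users}
    c = a & DOMAIN_NODE[domain]  # assumption: the "operation of AB" is intersection
    return sorted(NODE_INFO[n]["ip"] for n in c)

def target_endpoints(target, domain):
    """Step (3), target side: target -> resources -> A, domain -> B, C -> (IP, port)."""
    resources = TARGET_RESOURCE[target]
    a = {n for n, info in NODE_INFO.items() if info["resources"].keys() & resources}
    c = a & DOMAIN_NODE[domain]  # same assumption as above
    return sorted((NODE_INFO[n]["ip"], port) for n in c
                  for res, port in NODE_INFO[n]["resources"].items() if res in resources)

def firewall_policy(role, src_domain, target, dst_domain, activity, defense_action):
    """Steps (4)-(5): compose source IP, target IP, port, action and defense action."""
    actions = sorted(ACTIVITY_ACTION[activity])  # step (4): activity -> actions
    return [{"src": s, "dst": d, "port": p, "action": act, "defense": defense_action}
            for s, (d, p), act in product(source_ips(role, src_domain),
                                          target_endpoints(target, dst_domain), actions)]

if __name__ == "__main__":
    for rule in firewall_policy("auditor", "office", "finance_db", "dmz", "query", "permit"):
        print(rule)
```

An unknown role, target, domain or activity raises KeyError, and an empty set C yields no rules, so a goal that cannot be resolved never expands into a broader firewall rule.
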
The pseudocode of the transformation algorithm is shown as follows:
    Algorithm CNDPolicyTransformation
    INPUT: CNDPolicyGoal: G = {g_1, g_2, ..., g_n}; RefinementRule: R
    OUTPUT: CND Operational Policy and Policy relations Set: O
    Procedure PolicyTransform(G, R)
        // find the set of means g in a policy goal G and
        // assign all elements of the g_i to the set M
        M_i = findelement(G, Means, g_i);