Method, device and system used for digesting security policy conflicts

A security policy technology, applied in the field of communication, that addresses problems such as hidden security risks, policy conflicts, and firewall policies failing to take effect, and thereby improves security.

Inactive Publication Date: 2016-04-06
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

[0005] Under the SDN architecture, when multiple upper-layer applications issue flow rule policies at the same time, conflicts may occur between different policies. This traffic is allowed by policy or otherwise, causing a conflict between policies.
Even in the network slicing environment of FlowVisor, security applications and other applications may exist in the same network slice at the same time, resul


Examples


Example Embodiment

[0042] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. The following description of at least one exemplary embodiment is actually only illustrative, and in no way serves as any limitation to the present invention and its application or use. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0043] Unless specifically stated otherwise, the relative arrangement of components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention.

[0044] At the same time, it should ...


Abstract

The invention discloses a method, device and system for resolving security policy conflicts. When a flow rule control device receives a flow rule policy issued by an application proxy device, it performs alias-based semantic analysis on the flow rule policy to form the policy's alias rule set. It then compares that alias rule set with the alias rule set of the current rules to determine whether a policy conflict exists. If no conflict exists, the flow rule policy is sent to the corresponding switches, which perform routing and forwarding according to it. This effectively prevents security rules from being bypassed through other flow rule policies or policy combinations, and enhances the security of an OpenFlow-based SDN framework.
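One way to implement the alias-based check the abstract describes, as an added example that is not taken from the patent. The rule fields, the `set_src`/`set_dst` rewrite actions, the way alias sets are merged, and the sample addresses are all assumptions, since the page does not give the algorithm.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlowRule:                      # hypothetical rule model, not from the patent
    src: str
    dst: str
    action: str                      # "allow" or "deny"
    set_src: Optional[str] = None    # header-rewrite actions (assumed)
    set_dst: Optional[str] = None

def own_aliases(rule):
    """Addresses a rule matches on plus those it rewrites packets to."""
    return ({rule.src, rule.set_src} - {None}, {rule.dst, rule.set_dst} - {None})

def alias_rule_set(rule, installed):
    """Conservatively merge alias sets of installed allow rules that chain with `rule`."""
    srcs, dsts = own_aliases(rule)
    changed = True
    while changed:
        changed = False
        for r in installed:
            r_src, r_dst = own_aliases(r)
            chains = r.action == "allow" and srcs & r_src and dsts & r_dst
            if chains and not (r_src <= srcs and r_dst <= dsts):
                srcs, dsts, changed = srcs | r_src, dsts | r_dst, True
    return srcs, dsts

def find_conflict(candidate, installed):
    """Return the installed rule whose action the candidate would contradict, if any."""
    c_src, c_dst = alias_rule_set(candidate, installed)
    for r in installed:
        r_src, r_dst = own_aliases(r)
        if r.action != candidate.action and c_src & r_src and c_dst & r_dst:
            return r
    return None

def submit(candidate, installed):
    """Controller-side gate: forward only conflict-free rules to the switches."""
    hit = find_conflict(candidate, installed)
    if hit is not None:
        return f"rejected: conflicts with {hit.action} {hit.src}->{hit.dst}"
    installed.append(candidate)
    return "forwarded"

def demo():
    # Constructed sample: a firewall deny, then two rules that together rewrite around it.
    table = [FlowRule("10.0.0.1", "10.0.0.3", "deny")]
    step1 = submit(FlowRule("10.0.0.1", "10.0.0.2", "allow", set_src="10.0.0.9"), table)
    step2 = submit(FlowRule("10.0.0.9", "10.0.0.2", "allow", set_dst="10.0.0.3"), table)
    return step1, step2, len(table)
```

The first rule is accepted because on its own it never reaches the denied destination; the second is rejected because its merged alias set covers both endpoints of the deny rule.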

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method, device and system for resolving security policy conflicts.

Background technique

[0002] SDN (Software Defined Network) is a new type of network architecture and technology system. It splits the traditional tightly coupled network architecture into a three-layer architecture that separates application, control, and forwarding. The upper-layer applications and the lower-layer forwarding facilities are abstracted into multiple logical entities, which gives the architecture open programmability.

[0003] Under the SDN architecture, the centralized controller is used to program the distributed switches and define routing rules. The policies of upper-layer applications are delivered to the switches through the controller for execution, and security functions such as firewalls are also implemented in the form of upper-layer applications. As a typi...


Application Information

IPC(8): H04L29/06, H04L12/813, H04L9/32, H04L47/20
Inventor: 王帅, 沈军, 黄勇军, 金华敏
Owner CHINA TELECOM CORP LTD