
Method, device and system used for digesting security policy conflicts

A security policy technology, applied in the field of communication, that addresses problems such as hidden security risks, policy conflicts, and firewall policies being unable to function effectively, and achieves the effect of improving security.

Inactive Publication Date: 2016-04-06
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

[0005] Under the SDN architecture, when multiple upper-layer applications issue flow rule policies at the same time, conflicts may occur between different policies: the same traffic may be allowed by one policy and handled otherwise by another, causing a conflict between policies. Even in the network slicing environment of FlowVisor, security applications and other applications may exist in the same network slice at the same time, resulting in policy conflicts. Hackers can exploit this to bypass security policies, which poses a security risk.

[0006] For example, although the firewall policy blocks the data flow from 10.0.0.1 to 10.0.0.2, a hacker can choose the path from 10.0.0.1 to 10.0.0.3 and from 10.0.0.3 to 10.0.0.2, and so send the data flow from 10.0.0.1 to 10.0.0.2. The firewall policy then cannot play its role effectively, which brings security risks.


Embodiment Construction

[0042] The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way to be taken as limiting the invention, its application or uses. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.

[0043] The relative arrangements of components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.

[0044] At the same time, it should be understood that, for the convenience of d...


Abstract

The invention discloses a method, device and system used for digesting security policy conflicts. When a flow rule control device receives a flow rule policy issued by an application proxy device, it performs alias-based semantic analysis on the flow rule policy to form an alias rule set for that policy. The alias rule set of the flow rule policy is then compared with the alias rule set of the current rules to determine whether a policy conflict exists. If no policy conflict exists, the flow rule policy is transmitted to the corresponding switches, which perform routing and forwarding according to the flow rule policy. This effectively prevents security rules from being bypassed through other flow rule policies or policy combinations, and enhances the security of an OpenFlow-based SDN framework.
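The check described in the abstract, applied to the firewall example of paragraph [0006], as an added example that is not code from the patent. It assumes exact host addresses (no prefixes or wildcards) and models an alias set as every address a source can reach by chaining allow rules; the page does not define the patent's alias analysis, so that model and all function names are illustrative.

```python
from collections import defaultdict

# Constructed sample: the firewall deny rule from paragraph [0006].
DENY = [("10.0.0.1", "10.0.0.2")]

def alias_sets(allow_rules):
    """Assumed alias-set model: for each source, every address its traffic
    can reach by chaining allow rules (transitive closure)."""
    graph = defaultdict(set)
    for src, dst in allow_rules:
        graph[src].add(dst)
    closure = {}
    for start in list(graph):
        seen, stack = set(), [start]
        while stack:
            for nxt in graph.get(stack.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        closure[start] = seen
    return closure

def find_conflicts(deny_rules, installed, candidate):
    """Deny pairs that become reachable if the candidate rule is installed."""
    closure = alias_sets(installed + [candidate])
    return [(s, d) for s, d in deny_rules if d in closure.get(s, set())]

def submit(deny_rules, installed, candidate):
    """Controller-side gate: push the rule to switches only if conflict-free."""
    conflicts = find_conflicts(deny_rules, installed, candidate)
    if not conflicts:
        installed.append(candidate)  # stands in for sending to the switches
    return (not conflicts), conflicts

def demo():
    installed = []
    results = []
    for rule in [("10.0.0.1", "10.0.0.3"),   # harmless on its own
                 ("10.0.0.3", "10.0.0.2"),   # completes the relay path
                 ("10.0.0.3", "10.0.0.4")]:  # unrelated, still accepted
        results.append((rule, *submit(DENY, installed, rule)))
    return results, installed

if __name__ == "__main__":
    for rule, ok, conflicts in demo()[0]:
        print(rule, "accepted" if ok else f"rejected, bypasses {conflicts}")
```

The second rule is rejected only because of the rule already installed before it, which is why the comparison has to run against the current rule set rather than against each new policy in isolation.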

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method, device and system for resolving security policy conflicts.

Background technique

[0002] SDN (Software Defined Network) is a new type of network architecture and technology system. It splits the traditional tightly coupled network architecture into a three-layer architecture that separates application, control, and forwarding. The upper-layer applications and the lower-layer forwarding facilities are abstracted into multiple logical entities, which gives the architecture open programmability.

[0003] Under the SDN architecture, the centralized controller is used to program the distributed switches and define routing rules. The policies of upper-layer applications are delivered to the switches through the controller for execution, and security functions such as firewalls are also implemented in the form of upper-layer applications. As a typi...


Application Information

IPC(8): H04L29/06, H04L12/813, H04L9/32, H04L47/20
Inventor: 王帅, 沈军, 黄勇军, 金华敏
Owner CHINA TELECOM CORP LTD