<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mais</journal-id><journal-title-group><journal-title xml:lang="ru">Моделирование и анализ информационных систем</journal-title><trans-title-group xml:lang="en"><trans-title>Modeling and Analysis of Information Systems</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1818-1015</issn><issn pub-type="epub">2313-5417</issn><publisher><publisher-name>Yaroslavl State University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.18255/1818-1015-2019-1-75-89</article-id><article-id custom-type="elpub" pub-id-type="custom">mais-1163</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Computer System Organization</subject></subj-group></article-categories><title-group><article-title>Эффективный алгоритм разрешения коллизий в правилах политики безопасности</article-title><trans-title-group xml:lang="en"><trans-title>An Effective Algorithm for Collision Resolution in Security Policy Rules</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-6652-3574</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Моржов</surname><given-names>Сeргей Владимирович</given-names></name><name name-style="western" xml:lang="en"><surname>Morzhov</surname><given-names>Sergey V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирант</p><p>ул. Советская, 14, Ярославль, 150003</p><p> </p></bio><bio xml:lang="en"><p>graduate student</p><p>14 Sovetskay st., Yaroslavl, 150003</p></bio><email xlink:type="simple">smorzhov@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-1427-4937</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Соколов</surname><given-names>Валерий Анатольевич</given-names></name><name name-style="western" xml:lang="en"><surname>Sokolov</surname><given-names>Valeriy A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>д-р физ.-мат. наук, профессор</p><p>ул. Советская, 14, Ярославль, 150003</p><p> </p></bio><bio xml:lang="en"><p>Doctor, Professor</p><p>14 Sovetskay st., Yaroslavl, 150003</p></bio><email xlink:type="simple">valery-sokolov@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Ярославский государственный университет им. П.Г. Демидова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>P.G. Demidov Yaroslavl State University</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>НОМЦ Центр интегрируемых систем, Ярославский государственный университет им. П.Г. Демидова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Centre of Integrable Systems, P.G. Demidov Yaroslavl State University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2019</year></pub-date><pub-date pub-type="epub"><day>15</day><month>03</month><year>2019</year></pub-date><volume>26</volume><issue>1</issue><fpage>75</fpage><lpage>89</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Моржов С.В., Соколов В.А., 2019</copyright-statement><copyright-year>2019</copyright-year><copyright-holder xml:lang="ru">Моржов С.В., Соколов В.А.</copyright-holder><copyright-holder xml:lang="en">Morzhov S.V., Sokolov V.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.mais-journal.ru/jour/article/view/1163">https://www.mais-journal.ru/jour/article/view/1163</self-uri><abstract><p>Межсетевой экран является основным классическим инструментом для контроля и управления сетевым трафиком в локальной сети. Его задача — сравнивать проходящий через него сетевой трафик с установленными правилами безопасности. Эти правила, которые часто также называют политикой безопасности, могут быть определены как до, так и во время работы межсетевого экрана. Управление политикой безопасности крупных корпоративных сетей является сложной задачей. Для того чтобы правильно ее реализовать, правила фильтрации межсетевого экрана должны быть написаны и организованы аккуратно и без ошибок. Кроме того, процесс изменения или вставки новых правил должен выполняться только после тщательного анализа отношений между изменяемыми или вставляемыми правилами, а также правилами, которые уже существуют в политике безопасности. В данной статье авторы рассматривают классификацию отношений, в которых могут находиться правила политики безопасности между собой, и дают определение возможных коллизий между ними. Авторы представляют также новый эффективный алгоритм обнаружения и устранения коллизий в правилах межсетевого экрана на примере контроллера ПКС Floodlight.</p></abstract><trans-abstract xml:lang="en"><p>A firewall is the main classic tool for monitoring and managing the network traffic on a local network. Its task is to compare the network traffic passing through it with the established security rules. These rules, which are often also called security policy, can be defined both before and during the operation of the firewall. Managing the security policy of large corporate networks is a complex task. In order to properly implement it, firewall filtering rules must be written and organized neatly and without errors. In addition, the process of changing or inserting new rules should be performed only after a careful analysis of the relationship between the rules being modified or inserted, as well as the rules that already exist in the security policy. In this article, the authors consider the classification of relations between security policy rules and also give the definition of all sorts of conflicts between them. In addition, the authors present a new efficient algorithm for detecting and resolving collisions in firewall rules by the example of the Floodlight SDN controller.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>список контроля доступа</kwd><kwd>межсетевой экран</kwd><kwd>программно-конфигурируемая сеть</kwd><kwd>ПКС</kwd><kwd>дерево политики безопасности</kwd></kwd-group><kwd-group xml:lang="en"><kwd>access control list</kwd><kwd>firewall</kwd><kwd>software defined network</kwd><kwd>ACL</kwd><kwd>SDN</kwd><kwd>security policy tree</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">РФФИ, научный проект № 17-07-00823 А, и в рамках государственного задания Министерства образования и науки РФ, проект № 1.10160.2017/5.1</funding-statement><funding-statement xml:lang="en">The work was funded by Russian Foundation for Basic Research, according to the research projects No. 17-07-00823 А, and was carried out within the framework of the state program of the Ministry of Education and Science of the Russian Federation, project № 1.10160.2017/5.1.</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Al-Shaer E., et al., "Automated Firewall Analytics. Design, Configuration and Optimization", Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, 2014, 15-18.</mixed-citation><mixed-citation xml:lang="en">Al-Shaer E., et al., "Automated Firewall Analytics. Design, Configuration and Optimization", Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, 2014, 15-18.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Abedin M., Nessa S., Khan L., Thuraisingham B., "Detection and Resolution of Anomalies in Firewall Policy Rules", Data and Applications Security XX, Springer, 2006, 15-29.</mixed-citation><mixed-citation xml:lang="en">Abedin M., Nessa S., Khan L., Thuraisingham B., "Detection and Resolution of Anomalies in Firewall Policy Rules", Data and Applications Security XX, Springer, 2006, 15-29.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Morzhov S., Nikitinskiy M., "Development and research of the PreFirewall network application for Floodlight SDN controller", 2018 Moscow Workshop on Electronic and Networking Technologies (MWENT) (Moscow, March 14-16), 2018, 1-4.</mixed-citation><mixed-citation xml:lang="en">Morzhov S., Nikitinskiy M., "Development and research of the PreFirewall network application for Floodlight SDN controller", 2018 Moscow Workshop on Electronic and Networking Technologies (MWENT) (Moscow, March 14-16), 2018, 1-4.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Morzhov S., Sokolov V., Nikitinskiy M., Chaly D., "Building a Security Policy Tree for SDN Controllers", 2018 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTec) (Moscow, October 25), 2018, 1-6.</mixed-citation><mixed-citation xml:lang="en">Morzhov S., Sokolov V., Nikitinskiy M., Chaly D., "Building a Security Policy Tree for SDN Controllers", 2018 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTec) (Moscow, October 25), 2018, 1-6.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Morzhov S., Alekseev I., Nikitinskiy M., "Firewall application for Floodlight SDN controller", XII International Siberian Conference on Control and Communications (SIBCON-2016) (Moscow, May 12-14), 2016, 1-5.</mixed-citation><mixed-citation xml:lang="en">Morzhov S., Alekseev I., Nikitinskiy M., "Firewall application for Floodlight SDN controller", XII International Siberian Conference on Control and Communications (SIBCON-2016) (Moscow, May 12-14), 2016, 1-5.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
