A Method of Conflict Detection for Security Policy Based on B+ Tree

Security policies are widely used in network management systems to ensure network security, and conflicts among them must be detected and resolved. This paper analyzes the shortcomings of existing security policy conflict detection methods and proposes a B+ tree-based security policy conflict detection method. First, the security policy is dimensioned so that each attribute corresponds to one dimension. Then, one layer of B+ tree index is constructed at each dimension level, so that each rule is uniquely mapped by multiple layers of nested indexes. This method can greatly improve the efficiency of conflict detection. The experimental results show that the method has very stable performance, can effectively prevent conflicts, and can detect the type of policy conflict quickly and accurately.
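The nested per-attribute indexing described in the abstract, sketched as an added example that is not code from the paper: each attribute gets one index layer, and a rule that lands on an already occupied leaf is flagged. Assumptions: the attribute set, the exact-match keys, the two verdict names, and a sorted list with binary search standing in for a real B+ tree.

```python
import bisect

# Assumed attribute set: one index layer per dimension
DIMENSIONS = ("src", "dst", "port", "proto")

class Layer:
    """One index layer: sorted keys plus binary search (stand-in for a B+ tree)."""
    def __init__(self):
        self.keys, self.children = [], []

    def find(self, key):
        i = bisect.bisect_left(self.keys, key)
        return self.children[i] if i < len(self.keys) and self.keys[i] == key else None

    def put(self, key, child):
        i = bisect.bisect_left(self.keys, key)
        self.keys.insert(i, key)
        self.children.insert(i, child)
        return child

class PolicyIndex:
    def __init__(self):
        self.root = Layer()

    def add(self, rule_id, attrs, action):
        """Insert a rule; return (verdict, id of the rule already at that leaf)."""
        node = self.root
        for dim in DIMENSIONS[:-1]:
            # Descend one layer per dimension, creating layers on first use
            node = node.find(attrs[dim]) or node.put(attrs[dim], Layer())
        last = attrs[DIMENSIONS[-1]]
        existing = node.find(last)
        if existing is None:
            node.put(last, (rule_id, action))
            return ("ok", None)
        # Same value in every dimension: the action decides the type
        verdict = "redundant" if existing[1] == action else "conflict"
        return (verdict, existing[0])

# Constructed sample policy (not from the paper)
RULES = [
    ("r1", {"src": "10.0.0.1", "dst": "10.0.1.5", "port": 443, "proto": "tcp"}, "permit"),
    ("r2", {"src": "10.0.0.1", "dst": "10.0.1.5", "port": 22, "proto": "tcp"}, "deny"),
    ("r3", {"src": "10.0.0.1", "dst": "10.0.1.5", "port": 443, "proto": "tcp"}, "deny"),
    ("r4", {"src": "10.0.0.1", "dst": "10.0.1.5", "port": 22, "proto": "tcp"}, "deny"),
]

def check_policy(rules):
    index = PolicyIndex()
    return [(rid,) + index.add(rid, attrs, action) for rid, attrs, action in rules]
```

Each insertion costs one ordered lookup per dimension, so a new rule is compared only against the rule sharing its leaf rather than against every rule in the policy.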
