A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search

Adding a new firewall rule often conflicts with the existed ones,which leads to security vulnerabilities.In order to avoid such vulnerabilities,firewall administrators have to determine an appropriate position in the firewall rule set to be inserted,and identify all the rules conflicting with the new rule in advance.The time complexity of the current conflicts detection algorithm for firewall rule set is O(dN),which makes its performance very poor.A new algorithm for detecting firewall rule set conflicts based on tuple space search is presented not only to find all the rules conflicting with the new rule,but also reduce the time complexity as O(lgN+N/w).So it can efficiently help administrators determine an appropriate insertion position of the new rule to avoid vulnerabilities.