As computer networks expand, network security becomes more and more important. The access control list (ACL) is a simple, efficient network security management technique that is widely applied in practice. In traditional ACL management, the administrator has to log on to each device and configure it through the command line interface, which is heavy work. Automated deployment of access control policy shifts the focus of management from the device to the business and has received more and more attention. How to describe policy in a unified way, and how to detect and resolve policy conflicts, are urgent problems to be solved.

First, based on a deep analysis and comparison of current architectures for automated policy deployment, and taking the characteristics of access control lists into account, this thesis proposes an XML-based access control policy information model. By analyzing and synthesizing many kinds of routers, we abstract the information that is common to deploying an access control list and use XML to describe and transmit it. By using Perl to translate the commands, we shield the differences between the underlying devices, enhance the scalability and flexibility of the system, and provide a theoretical basis and technical support for automated policy deployment.

Second, because traditional policy conflict detection and resolution algorithms for access control lists have high complexity and poor performance, an optimized policy conflict detection and resolution algorithm based on integer sets is proposed. The algorithm maps each access control list policy to an integer set and detects and resolves conflicts by operating on the integer sets. When many policies are checked, policies are joined one by one, with detection and resolution carried out at the same time. The analysis shows that our algorithm reduces complexity and improves performance compared with the traditional algorithm.

Finally, we design and implement an automated access control policy deployment system. The system uses a browser/server (B/S) architecture and integrates the XML access control information model and the optimized policy conflict detection and resolution algorithm. Tests of the system modules showed that the system can automatically deploy, detect, resolve and check access control policy.
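The integer-set approach outlined in the abstract, as an added example that is not the thesis's own algorithm: each rule field becomes a closed integer interval, and rules are joined one at a time with detection and resolution on arrival. The `Rule` shape, first-match semantics, the finding names and the drop-on-subset resolution are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "name action src dst ports")  # hypothetical rule shape

def to_intervals(rule):
    """Map a rule to one closed integer interval per field."""
    nets = [ipaddress.ip_network(p) for p in (rule.src, rule.dst)]
    spans = [(int(n.network_address), int(n.broadcast_address)) for n in nets]
    return spans + [tuple(rule.ports)]  # ports: inclusive destination-port range

def relation(new, old):
    """Compare two rules as integer sets: disjoint, subset or overlap."""
    subset = True
    for (a_lo, a_hi), (b_lo, b_hi) in zip(to_intervals(new), to_intervals(old)):
        if a_hi < b_lo or b_hi < a_lo:
            return "disjoint"  # an empty intersection in any field: no shared packet
        subset = subset and b_lo <= a_lo and a_hi <= b_hi
    return "subset" if subset else "overlap"

def add_rules(rules):
    """Join rules one at a time (first match wins), detecting and resolving on arrival."""
    accepted, findings = [], []
    for new in rules:
        keep = True
        for old in accepted:
            rel = relation(new, old)
            if rel == "subset":
                kind = "redundant" if new.action == old.action else "shadowed"
                findings.append((kind, new.name, old.name))
                keep = False  # assumed resolution: the rule can never match, so drop it
                break
            if rel == "overlap" and new.action != old.action:
                findings.append(("overlap", new.name, old.name))  # reported, rule kept
        if keep:
            accepted.append(new)
    return accepted, findings

# Constructed sample ACL using documentation address ranges.
SAMPLE = [
    Rule("r1", "deny", "192.0.2.0/24", "198.51.100.0/24", (0, 1023)),
    Rule("r2", "permit", "192.0.2.16/28", "198.51.100.10/32", (443, 443)),
    Rule("r3", "permit", "192.0.2.0/24", "198.51.100.0/24", (1000, 2000)),
    Rule("r4", "deny", "203.0.113.0/24", "198.51.100.0/24", (22, 22)),
    Rule("r5", "deny", "203.0.113.5/32", "198.51.100.1/32", (22, 22)),
]

if __name__ == "__main__":
    kept, found = add_rules(SAMPLE)
    print([r.name for r in kept], found)
```

Because each new rule is compared only against rules already accepted, a rule dropped as shadowed or redundant never takes part in later comparisons.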