Thesis Details
Statická analýza počítačových sítí
Some problems in configurations of network devices are difficult to identify. Access control lists present an important part of many configurations. Conflicts among rules of an access control list can cause holes in security policy or quality of service. In this paper we focus on identifying and classifying conflicts among rules of an access control list. Discovering all possible types of conflicts is not a trivial task. We present optimized algorithm for complete access control list analysis using tries, based on existing research by Baboescu and Varghese. The tool for detecting conflicts among access control list rules of one given Cisco, HP or Juniper device using tries based algorithm has been implemented. Bit vectors in tries use WAH compression method to reduce memory consumption. Implemented tool was tested for correctness and performance. The hypothesis that this solution would make the analysis of access lists significantly faster has been proven.
Static analysis, configuration of network devices, access control list, ACL, security policy.
Burget Radek, doc. Ing., Ph.D. (DIFS FIT BUT), člen
Honzík Jan M., prof. Ing., CSc. (DIFS FIT BUT), člen
Hrubý Martin, Ing., Ph.D. (DITS FIT BUT), člen
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), člen
Vranić Valentino, doc. Ing., Ph.D. (FIIT STU), člen
@mastersthesis{FITMT14141,
author = "Tom\'{a}\v{s} Hozza",
type = "Master's thesis",
title = "Statick\'{a} anal\'{y}za po\v{c}\'{i}ta\v{c}ov\'{y}ch s\'{i}t\'{i}",
school = "Brno University of Technology, Faculty of Information Technology",
year = 2012,
location = "Brno, CZ",
language = "czech",
url = "https://www.fit.vut.cz/study/thesis/14141/"
}