Comments

Copyright © 2006 iadis and authors. This is a reprint of a paper that was presented at the International Association for Development of the Information Society (IADIS) International Conference WWW/Internet 2006 (ICWI 2006), on the 5th-8th October 2006 which was held in Murcia, Spain. It was also published in the conference proceedings. The iadis website is available here http://www.iadis.org and details of the conference are available at http://www.iadis.org/icwi2006/index.asp

Abstract

This paper considers the effects of dependencies between rules in Access Control Lists (ACLs). Dependent rules may not be reordered in an ACL if the policies of the list are to be preserved. This is an obstacle to the optimisation of rule order intended to reduce the time taken matching packets against rules. In this paper, the concept of rule dependency is defined in relation to the problem of minimising processing latency. The concepts of dependence and possible dependence are introduced and the relationship between them considered. Two measures of dependency, the dependency index and the fragmented dependency index are defined and formulated and an upper bound for each is derived. Examples of real-world ACLs are studied and the implications for practical optimisation discussed.

Disciplines

Computer and Systems Architecture | Digital Communications and Networking | Hardware Systems | Systems and Communications

Recommended Citation

Grout, V., McGinn, J., Davies, J., Picking, R. & Cunningham, S. (2006) ‘Rule Dependencies in Access Control Lists’, [Paper presented to the International Association for Development of the Information Society (IADIS) International Conference WWW/Internet 2006 (ICWI 2006), 5th-8th October 2006]. Murcia, Spain