检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]南京邮电大学信息网络技术研究所,江苏南京210003
出 处:《南京邮电大学学报(自然科学版)》2007年第3期48-53,共6页Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
基 金:国家自然科学基金(60273091)资助项目
摘 要:网络安全问题的严峻性和安全需求的普遍化,要求人们有必要在IP网络中提供基础安全控制。基于面向网络基础设施的安全模型,通过分析网络层的安全威胁,设计了IP网络访问控制机制。该机制由密钥协商和报文检测协议组成,实现通信双方的双向身份验证,保证传输过程中报文的真实性和完整性。在比较各类形式化技术的基础上,采用抽象协议表示法对相关协议进行了形式化描述和验证。该访问控制机制提供网络主机间的访问控制,解决了其他在网络边缘实施的访问控制机制无法解决的网络内部安全问题。该机制适合在较小的网络范围内实施,如局域网等,适合于更大网络范围的机制正在研究中。目前已经在Linux平台上实现了该机制,并简单分析其性能。The austerity of network security problems and the generalization of security requirement make it necessary to provide fundamental security control in IP networks. Through the analysis of threats on network layer, an access control mechanism in IP networks is designed based on the network infrastructure-oriented security model. Consisting of key exchange protocol and packet check protocol, it implements dual authentication between hosts, and guarantees the authenticity and integrity of packets in transmission. Based on the comparison between different formal techniques, Abstract Protocol Notation is used to describe and validate these two protocols. The mechanism provides access control between network hosts, and is able to solve inner security problems that can not be settled by those mechanisms implementing on the edge of networks. The mechanism is suitable for small scale networks such as LANs, and the mechanism used for large-scale networks is under development. The mechanism has been implemen- ted on Linux platform and its performance is analyzed briefly.
分 类 号:TP393.0[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.60