Design of Endogenous Safe Routing and Switching Platform


Authors: CHEN Nan-yang[1], YANG Yu-fa, ZHANG Bin[1], YANG Su-mei[1] (No.30 Institute of CETC, Chengdu, Sichuan 610041, China)

Affiliation: [1] No.30 Institute of China Electronics Technology Group Corporation (CETC), Chengdu, Sichuan 610041

Source: Communications Technology (《通信技术》), 2020, No. 9, pp. 2328-2333 (6 pages)

Abstract: As key network infrastructure, routing and switching equipment is critical to the security of the entire network. Computing architectures, operating systems, and application software inevitably contain design flaws or vulnerabilities, while traditional defenses rely on signature databases of known threats and cannot cope with unknown security threats. Therefore, trusted computing, mimic defense, and CPK technology are combined to build a routing and switching platform architecture with endogenous security functions. A trusted computing platform based on a dual architecture ensures the integrity of the platform; a mimic defense mechanism based on dynamic heterogeneous redundancy increases the difficulty of carrying out an attack; and combined public key (CPK) key agreement, together with the MACsec encryption framework, ensures the authenticity of the identities of both communicating devices and the confidentiality of the data. The design ideas and methods presented can serve as a reference for building secure routing and switching equipment.

Keywords: endogenous security; trusted computing; mimic defense; combined public key

Classification number: TN919.21 [Electronics and telecommunications: communication and information systems]
