基于虚拟服务的SSL VPN研究

Research for Virtual Service Based SSL VPN

基于对标准SSLVPN(SecureSocketLayerVirtualPrivateNetwork)的研究分析,提出了基于虚拟服务的SSLVPN结构.该结构包含两项关键性技术:虚拟服务和基于VPN流的访问控制模型.一方面,通过在客户端动态生成虚拟服务来支持传统应用软件安全透明地访问VPN内部服务群;另一方面,针对VPN流的特点,将访问控制与VPN隧道、转发机制紧耦合,从而实现了细粒度的访问控制及应用层入侵检测.最后,给出了一个实现原型及相关性能测试.

Based on the analyses of the standard SSL VPN （Secure Socket Layer Virtual Private Network）, this paper presents the framework of SSL VPN which comprises two key techniques： virtual service and VPN stream hased access control model. By the virtual services created dynamically at the client server, SSL VPN can help traditional applications securely and transparently access VPN internal servers ; in view of VPN stream, it also tightly couples access control with VPN tunnel and transmission mechanism to implement the fine-grained access control and the intrusion detection of the application layer. We finally provided an implemented prototype and its related performance testing.