Abstract
Using a virtual private network (VPN) to securely access remote server groups across the Internet is an important part of current network security research. However, because VPN tunneling can bypass firewalls, attacks on internal server groups launched through the VPN server become possible. This paper therefore proposes a new access control model for VPNs, the Application-layer based Centralized Information Access Control Model. It combines the control features of current mainstream access control models with the working mechanisms of anti-virus and intrusion detection. Based on the characteristics of VPN traffic, it tightly couples access control with the VPN tunneling and forwarding mechanisms to strengthen network security. The paper also presents a prototype implementation of the model.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2006, Issue 8, pp. 32-36, F0004 (6 pages in total)
Funding
Supported by the National Natural Science Foundation of China (Grant No. 60373088)
Keywords
Virtual private network, Access control, Application-layer, Tunneling