
A Novel Application-layer Based Access Control Model for SSL VPN

Cited by: 3
Abstract: Using a virtual private network (VPN) to securely access remote server groups across the Internet is an important part of current network security research. However, because VPN tunneling can bypass the firewall, it becomes possible to attack the internal server group by way of the VPN server. This paper therefore proposes a new access control model for VPN, the Application-layer based Centralized Information Access Control Model. It integrates the control features of the current mainstream access control models with the working mechanisms of anti-virus and intrusion detection. Based on the characteristics of VPN communication streams, it also tightly couples access control with the VPN tunnel and forwarding mechanism to enhance network security. The paper also presents a prototype implementation of the model.
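Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2006, No. 8, pp. 32-36, F0004 (6 pages)
Funding: Supported by the National Natural Science Foundation of China (Grant No. 60373088)
Keywords: Virtual private network, Access control, Application-layer, Tunneling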

