摘要
针对现有IPSec系统策略机制的不足,本文提出了一种面向应用的IPSec系统策略管理机制,通过监视应用程序的socket活动,实时地设置好相应的IPSec策略,对IP流实施细粒度的、不同等级的保护;同时,提供高级语言形式的策略设置语句,以满足用户添加和修改细粒度IPSec策略的需要;提供解决策略冲突的算法,将相互冲突的需求转化为无冲突的策略。该机制可以提高现有IPSec系统的性能,使其更好地满足网络实际环境的需要。
In view of the flaws of the existing IPSec system policy mechanisms, this paper presents an application-oriented IPSec system policy management mechanism. By monitoring the socket activities of the application layer, we create the corresponding IPSec policy in a real-time manner, and provide different grades of fine-grained protection for the IP flow. We also present the expressions of policy setting that uses a high-level language form,in order to satisfy the users'needs to add, change and delete the fine-grained IPSec policy. In addition, we give an algorithm to resolve the policy conflicts, and transform the conflicting policies into conflict-free ones. The mechanism can improve the performance of the existing IPSec, so it can meet the actual network environment better.
出处
《计算机工程与科学》
CSCD
2007年第5期15-18,49,共5页
Computer Engineering & Science
