
Research on Formal Modeling Technology of IPSec Security Policy
Abstract: IPSec policy configuration remains a complex and error-prone task. A generic model that captures various filtering policy semantics using Boolean expressions is presented. This model is used to derive a canonical representation for IPSec policies using ordered binary decision diagrams (OBDDs). Based on this representation, a comprehensive framework is developed to classify and identify conflicts that could exist in a single IPSec device (intra-policy conflicts) in enterprise networks. The testing and evaluation study on different network environments demonstrates the effectiveness and efficiency of the approach.

Authors: 黄俊 (Huang Jun), 韩玲莉 (Han Lingli)

Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core list; 2007, Issue 12, pp. 185-187 (3 pages)

Funding: Supported by the Natural Science Foundation of Zhejiang Province (Y109456)

Keywords: Network security; IPSec; Security policy; Firewall; Formal model; OBDD (ordered binary decision diagram)