摘要
为了克服IP组播模型的开放性,使得在现有互联网条件下能够为组播管理者提供用户对频道的访问控制,在原有安全组播模型的基础上,提出了一种基于IPv6网络环境的组播用户安全管理系统模型的设计方案。该方案采用钩子(hook)机制在接入路由器上挂载了认证与访问控制模块,任何想要监听组播流的用户,都要通过该模块进行身份认证与频道访问权限的判定,从而实现了基于频道的组播用户安全管理。并在教育科研骨干网中实验验证了该系统的身份认证和访问控制功能。
To overcome the openness of the IP multicast model, and making it possible for multicast manager to achieve user access control toward channel in current Internet condition, secure management for multicast receivers under IPv6 condition is pro- posed based on quondam secure multicast model. Hook mechanism will be used to add authentication model to the access router in this system. Any multicast receiver must go through this model for identity authentication and access control. Then, secure management for multicast receivers can be partly achieved. Moreover, the function of identity authentication and access control is verified by testing this system during cernet condition.
出处
《计算机工程与设计》
CSCD
北大核心
2012年第8期2951-2955,共5页
Computer Engineering and Design
基金
国家科技支撑计划基金项目(2008BAH37B03)
