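Abstract
A design prototype of Hardy, an IPv6-based hierarchical dynamic address access control system, is proposed. Without affecting the routing function of the IPv6 address prefix, Hardy sets the suffix part of the address as a dynamically changeable identity address. A child node in the hierarchical network inherits part of the identity address from its parent node and adds it to its own address as a suffix. Meanwhile, the parent node learns the child node's identity address and uses it to filter traffic destined for the child node. A host or network node periodically changes its identity address and notifies its parent node to update the filtering rules, thereby preventing malicious users who once obtained its legitimate address from accessing it further. The identity address can be communicated to a peer by the endpoint actively initiating access, or published through a platform for retrieval by peers whose authorization has been verified.
A design prototype of an IPv6-based hierarchical dynamic addressing system named Hardy is proposed. Hardy uses the IPv6 address suffix as a dynamic identity address (IA), without affecting its routing and forwarding functionality. The identity address (IA) of a parent node is adopted by its child nodes as the suffix of their IA. Meanwhile, a child node's IA is known to its parent node for traffic filtering, to prevent malicious access from hosts that had obtained an obsolete IA. The up-to-date identity address can be notified directly to other hosts through active access, or be published and retrieved by those who pass authorization verification.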
Authors
朱晶
刘莉莉
吴建平
Zhu Jing; Liu Lili; Wu Jianping (Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China)
Source
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
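Peking University Core Journals
2016, Issue S1, pp. 84-88, 98 (6 pages in total)
Journal of Huazhong University of Science and Technology (Natural Science Edition)
Funding
Supported by the CNGI project of the National Development and Reform Commission (CNGI-12-03-001)
Keywords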
access control
addressing mode
hierarchical system
filter
denial of service attack
protocol