Design and Implementation of the Kernel-Level Transparent Proxy TPF (Cited by: 1)

A Dedicated Security OS Based Transparent Proxy Implemented In Kernel
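Abstract: Proxy firewalls suffer from a number of weaknesses, including low performance, no guarantee of their own security, and poor extensibility. To address these problems, this paper proposes, on the basis of a customized secure operating system, designing the proxy program as an integral part of the OS kernel protocol stack and implementing the proxy program in layers. It introduces the key technologies for implementing a kernel-level proxy, such as packet classification and tagging, the policy tree mechanism, and the protocol stack fast channel, and describes how the transparent proxy firewall TPF is implemented in the secure OS kernel. Compared with traditional proxy firewalls, TPF shows significant improvements in performance, its own security, and ease of extension.

In this paper, the disadvantages of traditional proxy firewalls are analyzed, and then TPF, a dedicated security OS based transparent proxy applied in the kernel, is introduced. The concepts and key technologies of TPF, such as integration of proxy code in the security OS kernel, interruption slack off, packet classification and tagging, the policy tree mechanism, the protocol stack fast channel, and a layered software architecture, bring a remarkable improvement in the autoimmunity, performance and expansibility of the proxy firewall.

Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2004, No. 4, pp. 69-73 (5 pages)

Funding: Supported by the National 863 Program (project No. 2001AA144010) and by the Jiangsu Province Software and Integrated Circuit Special Project "High-Security, High-Performance Network Firewall"

Keywords: firewall; network security; kernel-level transparent proxy; TPF; design; computer network; Kernel proxy, Security OS, Policy tree, Protocol stack fast channel, Autoimmunity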