期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

IPsec策略的冲突检测与协调

IPsec security conflict detection and reconciliation
下载PDF
导出
摘要 IPsec为信息在没有安全保护的网络中传递提供安全机制。但由于各种安全设备的安全策略描述不同,IPsec并没有被广泛采用。在分析各种异构网络和不同类型的通讯实体对通信安全要求的基础上,给出其IPsec安全策略的统一描述格式,以能够使各种安全设备、网络协调工作。在此条件下,给出设备、网络间策略冲突的简洁、高效的检测算法。最后,提出了一种策略协调算法,此算法能够提高网络的通信效率,并能够消除某些策略的冲突。 IPsecc can provides security for transmission of sensitive information over unprotected networks, however lt has not been wide used by security facilities from different manufacture because policies description ofthose security facilities are different. Based on analyzing security requirements about different manufactures and diversified networks, a set of standard IPsec policies description is presented, by witch different security facilities can configured and reconciled. Second, a mechanism to detect conflicts among IPsec policies are proposed, by which is more efficiency. Finally, how to reconcile security policies to improve efficiency and resolve conflicts among IPsec policies is discussed.
作者 张连宽 唐屹
机构地区 华南农业大学数学系 广州大学数学系
出处 《计算机工程与设计》 CSCD 北大核心 2008年第15期3852-3855,共4页 Computer Engineering and Design
基金 广东省科技计划基金项目(2005B10101024)
关键词 网际协议安全 安全策略 策略描述 冲突检测 协调 IPsec security policy policy description conflict detection reconciliation
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献8

  • 1Nganand Doraswwamy DanHarkins.IPSec新一代因特网安全标准[M].北京:机械工业出版社,2000. 被引量:1
  • 2Fu Z, Wu S F, Huang H, et al. IPsec/VPN security policy: Correctness, conflict detection and resolution [C]. Proceedings Policy, Lecture Notes in Computer Science. Berlin: Springer-Verlag,2001:39-56. 被引量:1
  • 3Yin Heng, Wang Haining. Building an application-aware IPsec policy system [C]. Proceedings of the 14th USENIX Security Symposium.Berkeley Calif:USENIX Association,2005:315-330. 被引量:1
  • 4Raj Mohan Levin, Irvine T E, C E. An editor for adaptive XML- based policy management of IPsec[C]. Computer Security Applications Conference. Las Vegas, Nevada: IEEE Computer Society,2003:276-285. 被引量:1
  • 5Wang H B,Jha S,McDaniel P D, et al. Security policy reconciliation in distributed computing environments[C]. Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks. Washington, DC: IEEE Computer Society, 2005:137-146. 被引量:1
  • 6Ionnadis J. Why we still don't have IPsec[C]. Network and Distributed Systems Security Symposium. San Diego, California: Internet Society, 2003:73-87. 被引量:1
  • 7SOMMERFELD W. Requirements for an IPsec API[R]. Intemet Engineering Task Force, http://www.ietf.org/intemetdrafts/,draft-iet f-ipsp-ipsec-apireq-00.txt, 2003. 被引量:1
  • 8MaDaniel P, Prakash A.Methods and limitations of security plicy reconciliation [C]. IEEE Symposium on Security and Privacy. Oakland, California: IEEE Computer Society, 2002:73-87. 被引量:1
计算机工程与设计
2008年 第15期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部