19 similar documents found; search took 390 ms
1.
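Single, isolated security devices are increasingly unable to cope with the task of protecting computer networks. The Trusted Network Connect (TNC) architecture, which is based on source-side identity authentication and integrity verification, extends trustworthiness from the endpoint platform to the network and so provides the network with a degree of trust assurance. Building on a study of TNC, this paper puts forward some new insights into the concept of a trusted network and designs an implementation scheme for a trusted network security platform.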
2.
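In Trusted Network Connect (TNC), a network access decision is based on the security state of the access requestor. This mechanism is limited to closed environments such as local area networks and virtual private networks. This paper proposes a solution based on authentication standards that makes TNC applicable to open Web scenarios. In particular, it proposes a TNC architecture model that takes security and privacy requirements into account.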
4.
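The trust state of a computing platform at the moment it connects to a network has an important impact on network security. For this reason the Trusted Computing Group (TCG) proposed the TNC architecture to solve the problem of trusted access for computing platforms. The architecture sets out a model and basic methods for trusted access and has become a research hotspot in the industry. By studying trusted access control technology based on the TNC architecture, the authors implemented a trusted switch with trusted access control functions and presented an application solution for trusted access control, showing that TNC-based trusted access control can effectively prevent, at the network entry point, the potential security threats that illegitimate or untrusted endpoints bring to the network.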
5.
6.
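With the wide application of cloud computing and the rapid development of wireless network technology, designing and implementing a cloud computing network security architecture for wireless interconnection has become an important topic. Addressing the network security challenges of cloud computing in a wireless interconnection environment, the article proposes a new network security architecture. First, it analyzes the security challenges specific to the wireless interconnection environment, such as the security of data transmission, network access control, and defense mechanisms against diverse threats. It then proposes a network security architecture that incorporates the characteristics of cloud computing; this architecture includes, but is not limited to, data encryption, access control policies, virtualized security technologies, and cloud-based monitoring and response mechanisms. The network security architecture studied in the article can improve the security of cloud computing networks in wireless interconnection environments and ensure data confidentiality and network integrity.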
7.
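The trends toward enterprise mobile informatization and full-service operation bring operators development opportunities and also challenge their existing networks. After analyzing enterprise mobile informatization requirements and operators' existing network architectures, the article discusses ideas and strategies for developing operators' existing networks so as to better promote enterprise informatization in the future full-service operating environment.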
8.
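From the operator's perspective, the article analyzes the service environment of the Internet of Things and the technical requirements for building operations management support capabilities. Then, based on the operator's network and service foundations, it analyzes how operators can coordinate the development of existing service networks and IoT applications, how to build an M2M management platform, and how to optimize the architecture of existing service networks so that they extend to and fit the development of the IoT and ubiquitous networks, ultimately forming an integrated target network architecture.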
9.
10.
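The research goal of WiiSE is to adjust the network architecture to the service architecture best suited to the mobile Internet, driving major change in the existing network architecture by introducing a large number of disruptive, innovative, and cross-domain technologies. The booming smart terminal market and the vigorous growth of mobile Internet services pose major challenges to network infrastructure; on the existing network architecture, operators are using various means to accommodate service diversification, terminal intelligence, and network broadband evolution.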
11.
12.
13.
With the increasing popularity of cloud services, attacks on the cloud infrastructure also increase dramatically. Especially, how to monitor the integrity of cloud execution environments is still a difficult task. In this paper, a real-time dynamic integrity validation (DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud. DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack. DIV introduces a trusted third party (TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers. To evaluate the effectiveness and efficiency of DIV framework, a prototype on KVM/QEMU is implemented, and extensive analysis and experimental evaluation are performed. Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time, with minor performance overhead.
14.
Bellavista P. Corradi A. Stefanelli C. 《Selected Areas in Communications, IEEE Journal on》2000,18(5):676-685
Technological and human factors have contributed to increase the complexity of the network management problem. Heterogeneity and globalization of network resources, on one hand, have increased user expectations for flexible and easy-to-use environments; on the other hand, they have suggested entirely novel ways to face the management problem. Several research efforts recognize the need for integrated solutions to manage both network resources and services in open, global, and untrusted environments. In addition, these solutions should permit the coexistence of different management models and should interoperate with legacy systems. In the paper, we define a general architecture based on a distributed processing environment (DPE) that offers a large set of facilities to the application level. We have developed the MESIS management environment shaped after the above architecture and its DPE facilities with mobile agents technology. MESIS handles, in a uniform way, both resources and services, and focuses on two crucial properties: interoperability to overcome heterogeneity, and security to grant users safe and protected operations. The Agent Interoperability Facility supports compliance with CORBA-based management systems and with MASIF agent platforms. The Agent Security Facility provides authentication, integrity, privacy, authorization, and secure interoperation with CORBA systems.
15.
An active network is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of active network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, since the integrity of network-level solutions will be based on trust in the network elements. In this article we describe the architecture and implementation of a secure active network environment (SANE), which we believe provides a basis for implementing secure network-level solutions. We guarantee that a node begins operation in a trusted state with the AEGIS secure bootstrap architecture. We guarantee that the system remains in a trusted state by applying dynamic integrity checks in the network element's runtime system, using a novel naming system, and applying node-to-node authentication when needed. The construction of an extended LAN is discussed.
16.
This paper develops a copy network architecture that can maintain the cell sequence integrity in multi-channel ATM switching. The architecture is internally nonblocking in the sense that the copying process of cells is constrained only by the availability of output channels. By using a relative ordering among the inputs, shared buffering, and a new switching paradigm called the nonblocking binary group network, we show how the cell sequence integrity can be maintained. Next, assuming the fanout request values of cells are distributed independently from cell to cell, we formulate a method of analyzing the performance of the copy network. This method uses the technique of tagged Markov chains to derive the stationary distributions for the number of cells in the copy network from which delay, throughput, and cell loss probability can be accurately calculated as critical performance measures. We conduct a numerical study for the proposed architecture using this method wherein the effects of key network and traffic variables such as buffer and network sizes, and the mean and the variance of fanout request values are determined under arbitrary types of fanout distribution. Finally, we quantify the performance improvement due to fanout splitting which allows the fanout request from a single cell to be satisfied over multiple time slots.
17.
Delay-tolerant networking: an approach to interplanetary Internet   Total citations: 13, self-citations: 0, citations by others: 13
Burleigh S. Hooke A. Torgerson L. Fall K. Cerf V. Durst B. Scott K. Weiss H. 《Communications Magazine, IEEE》2003,41(6):128-136
Increasingly, network applications must communicate with counterparts across disparate networking environments characterized by significantly different sets of physical and operational constraints; wide variations in transmission latency are particularly troublesome. The proposed Interplanetary Internet, which must encompass both terrestrial and interplanetary links, is an extreme case. An architecture based on a "least common denominator" protocol that can operate successfully and (where required) reliably in multiple disparate environments would simplify the development and deployment of such applications. The Internet protocols are ill suited for this purpose. We identify three fundamental principles that would underlie a delay-tolerant networking (DTN) architecture and describe the main structural elements of that architecture, centered on a new end-to-end overlay network protocol called Bundling. We also examine Internet infrastructure adaptations that might yield comparable performance but conclude that the simplicity of the DTN architecture promises easier deployment and extension.
18.
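A network domain security management model in IMS   Total citations: 1, self-citations: 0, citations by others: 1
This paper proposes a network domain security management model for IMS and introduces, in turn, the network domain security management structure in IMS, the key management and distribution mechanism, and the PKI structure. The security gateway introduced by this model generates and manages keys and certificates based on the PKI structure. The IPSec protocol is used to provide confidentiality and integrity protection.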
19.
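Research on security technologies for 3G systems   Total citations: 1, self-citations: 0, citations by others: 1
The article introduces the security architecture of third-generation mobile communication systems, including the network structure and the functional structure, and discusses the air-interface security protection technologies of third-generation mobile communication systems, including data confidentiality protection and data integrity protection.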