| 基于主机的网络层访问控制机制设计与实现 |
| |
| 引用本文: | 李莉,沈苏彬,毛燕琴.基于主机的网络层访问控制机制设计与实现[J].计算机工程与应用,2006,42(8):114-117,140. |
| |
| 作者姓名: | 李莉 沈苏彬 毛燕琴 |
| |
| 作者单位: | 南京邮电大学网络技术研究中心,南京,210003 |
| |
| 摘 要: | 目前大部分访问控制机制实施于网络边缘,无法解决网络内部的安全问题。文章提出了一种基于主机的网络层访问控制机制,它由密钥协商协议和报文检测协议组成,对主机的网络行为和报文传递提供安全控制,适合在局域网等小范围网络实施,能够解决网络内部的假冒、篡改等安全问题。在局域网环境下实现了基于Linux平台的访问控制系统,对系统总体设计方案、开发平台、关键机制的实现方法及相关技术进行了详细叙述。并对实现的原型系统进行简单测试和分析。
|
| 关 键 词: | 访问控制 密钥协商 报文检测 |
| 文章编号: | 1002-8331-(2006)08-0114-04 |
| 收稿时间: | 2005-11 |
| 修稿时间: | 2005-11 |
Design and Implementation of Host-based Access Control Mechanism on Network Layer |
| |
| Li Li,Shen Subin,Mao Yanqin.Design and Implementation of Host-based Access Control Mechanism on Network Layer[J].Computer Engineering and Applications,2006,42(8):114-117,140. |
| |
| Authors: | Li Li Shen Subin Mao Yanqin |
| |
| Affiliation: | Research Center of Network Technology,Nanjing University of Posts and Telecommunieations,Nanjing 210003 |
| |
| Abstract: | Presently most access control mechanisms are implemented on the edge of networks,which can not solve inner security problems.A host-based access control mechanism on network layer is put forward.Consisting of key exchange protocol and packet check protocol ,the mechanism provides control to the behavior of hosts and packet trans- mission inside the network,which is suitable for mini-scale networks such as LANs and can solve security problems inside the network such as spoofing,modifying and so on.The access control system based on Linux is implemented in a LAN.The whole architecture of the system,the development platform,implementation methods of important mechanisms and relevant techniques are discussed in detail.Simple testing and analysis is given to this system. |
| |
| Keywords: | access control key exchange packet check |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
