| 基于协议转换的安全网关原型系统设计与实现 |
| |
| 引用本文: | 陈志祥,陆音,陆桑璐,陈道蓄.基于协议转换的安全网关原型系统设计与实现[J].计算机应用,2007,27(2):299-302. |
| |
| 作者姓名: | 陈志祥 陆音 陆桑璐 陈道蓄 |
| |
| 作者单位: | 南京大学,计算机软件新技术国家重点实验室,江苏,南京,210093 |
| |
| 摘 要: | 提出了一种IPv4,IPv6混合网络下基于协议转换的安全网关原型系统设计(Hybrid-SG),并基于Linux 2.6内核Netfilter框架实现了基本功能。Hybrid-SG在协议转换的基础上跟踪UDP/TCP连接会话,并可实施简单的端到端的安全访问控制策略。实验测试结果表明, Hybrid-SG对端到端数据包传输的时延影响不大,可满足企业组网及安全控制的实际需要。
|
| 关 键 词: | 网络地址转换—协议转换 协议转换 安全网关 连接跟踪 端到端访问控制 |
| 文章编号: | 1001-9081(2007)02-0299-04 |
| 收稿时间: | 2006-08-31 |
| 修稿时间: | 2006-09-05 |
Design and implementation of security gateway prototype system based on protocol translation |
| |
| CHEN Zhi-xiang,LU Yin,LU Sang-lu,CHEN Dao-xu.Design and implementation of security gateway prototype system based on protocol translation[J].journal of Computer Applications,2007,27(2):299-302. |
| |
| Authors: | CHEN Zhi-xiang LU Yin LU Sang-lu CHEN Dao-xu |
| |
| Affiliation: | State Key Laboratoryfor Novel Software Technology, Nanjing University, Nanjing Jiangsu 210093, China |
| |
| Abstract: | This paper described the design of a security gateway based on protocol translation in IPv4-IPv6 hybrid network, and implemented a security gateway prototype system based on Linux 2.6 kernel netfilter framework. The prototype system tracks up-layer UDP/TCP connections based on protocol translation and it performs hybrid end-to-end access control policies. Experimental testing results indicate that it has small latency during end-to-end packet transmission and may satisfy the needs of enterprise networking. |
| |
| Keywords: | NAT-PT protocol translation security gateway connection tracking end-to-end access control |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
