| 基于隐式安全标记的IPsec研究 |
| |
| 引用本文: | 杨晓红,杜学绘,曹利峰. 基于隐式安全标记的IPsec研究[J]. 计算机工程, 2011, 37(13): 109-112. DOI: 10.3969/j.issn.1000-3428.2011.13.035 |
| |
| 作者姓名: | 杨晓红 杜学绘 曹利峰 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院,郑州,450004 |
| |
| 基金项目: | 国家"863"计划基金资助项目"面向等级保护的可信互联关键技术与多级互联系统" |
| |
| 摘 要: | 针对传统IPsec无法解决多级安全网络环境下的通信问题,提出一种基于隐式安全标记的IPsec方案。通过引入隐式安全标记,改进IKE、ESP协议处理流程,将IPsec SA与隐式安全标记有效绑定,并依据所保护数据信息的重要程度,协商标记SA时选取强度不同的算法及密钥,动态构建多密级标记保护隧道,实现不同密级数据流的逻辑隔离及安全通信。
|
| 关 键 词: | 多级安全网络 隐式安全标记 IPsec协议 访问控制 标记隧道 |
| 收稿时间: | 2011-01-06 |
Research of IPsec Based on Implicit Security Label |
| |
| YANG Mao-hong,DU Xue-hui,CAO Li-feng. Research of IPsec Based on Implicit Security Label[J]. Computer Engineering, 2011, 37(13): 109-112. DOI: 10.3969/j.issn.1000-3428.2011.13.035 |
| |
| Authors: | YANG Mao-hong DU Xue-hui CAO Li-feng |
| |
| Affiliation: | (Institute of Electronic Technology,PLA Information Engineering University,Zhengzhou 450004,China) |
| |
| Abstract: | Focusing on the problem of communication with traditional IPsec in Multi-level Security(MLS) network,this paper presents a solution about IPsec based on implicit security label.This solution solves the problem by adding implicit security label in IPsec,improving the processing of IKE,ESP protocol,binding the IPsec SA and implicit security label,selecting different algorithms and keys based on different information.It sets up different levels of labeled tunnels dynamically,and realizes the isolation of different levels of data stream and security communication in MLS networks |
| |
| Keywords: | Multi-level Security(MLS) network implicit security label IPsec protocol access control labeled tunnel |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
