主动网络安全原型的设计

提出利用可插入模块方式设计主动网络动态可扩展的安全原型,实现了加密与数字签名、授权、验证和代码撤消等方面的安全.加密与数字签名解决了主动代码的完整性和机密性问题;使用解码绑定方式,实现了可扩展的系统加密方法.系统采用基于证书的验证方式,专门设计证书中心,负责颁发X.509格式的证书,使用目录服务器(LDAP)对证书进行管理.用主动权来描述任何可以表示的授权策略,系统既可以使用默认的某种策略,也可以根据用户需要更换策略.代码撤消部分的设计保证主动代码执行的有效性,同时根据数据库对代码的跟踪记录,进行安全预警.

Study of Scalable Security for Active Network

By the aid of pluggable module,a security prototype is designed in the active network,which facilitates the security in the aspects of encryption,digital signature,authorization,authentication and revocation.The encryption and digital signature ensure the integrity and confidentiality to the active code.The decode-binding realizes the expansion capacity of the encryption methods in the system.By means of the certificate-checking method,the whole system designs a certificate center that issues X.509 certificate and manages the certificate through light directory access protocol (LDAP).With the active capability adapted to describe any authorization policy,the system can either choose the permitted policy or change the policy according to the requirements of the users .The revocation designed for the active network ensures the validity in the operation of the active code.In the meantime,with the trace records in the database,the revocation can realize the security alarm in the whole system.