期刊文献+

基于IPv6安全策略系统及一致性研究 被引量:3

Study on Ipv6-based Security Policy System and Consistency
原文传递
导出
摘要 在IPv6网络环境下,虽然IPSec可以为其提供强大的安全支持,但是如果IPSec策略配置不当,将达不到预期的安全目标。在策略驱动的分布式网络环境中,安全策略从配置、分发到实施的每一阶段都必须保持一致。本文首先分析IPv6的安全需求,给出一个多级多域的分布式策略系统,讨论了该模型中策略的存储、配置以及IPSec策略实施阶段策略可能发生的冲突,通过深入研究策略冲突产生的原因给出切实可行的解决方案。 Although IPSec protocols provide Ipv6 network environment with powerful security support, the expected goal in protecting Internet security would never be realized if IPSec policies are improperly configured. In distributed Internet, the establishment, distribution and implementation of the security policy must be consistent. Based on the security requirement of Ipv6, this paper gives a multi-level and multi-domain distributed policy system and discusses the situations of policy-conflict happening, including policy configuration and implementation. By in-depth study of the policy conflicts, the practical solutions are proposed.
出处 《信息安全与通信保密》 2007年第8期142-145,共4页 Information Security and Communications Privacy
关键词 IPV6 策略系统 IPSEC策略 策略一致性 IPv6 policy system IPSec policy policy consistency
  • 相关文献

参考文献8

  • 1[1]S.Kent,Atkinson R.Security Architecture for the Internet Protocol[R].RFC-2401.Internet Society,Network Working Group,Nov.1998.
  • 2[2]Sanchez L A,Condell M N.draft-ietf-ipsec-sps-00.txt.Se-c urity Policy System,1998.11.
  • 3[3]Sanchez L A,Condell M N,draft-ietf-ipsp-spp-00.txt.Security Policy Protocol.2000.7,Security Policy Protocol.draft -ietf-ipsp-spp-00.txt,2000-07
  • 4[4]MING X,KRITHI R.Scheduling transactions with temporal con-straints:exploiting data semantics[J].IEEE Transactions onKnowledge and Data Engineering,2002,14(5):1155~1166.
  • 5刘婷婷,张友良,汪惠芬.安全策略的一致性维护研究[J].计算机工程与应用,2004,40(31):21-24. 被引量:5
  • 6[6]Chang C L,Chiu Y P,Lei C L,Automatic Generation of Conflict-Free IPsec Policies[A].IFIP International Federation for Information Processing 2005.233~246.
  • 7[7]Yang Y,Martel C U,Wu S F.On Building the Minimal Number of Tunnels-An Ordered-Split approach to mnage IPsec/VPN policies.9th IEEE/IFIP Network,Operations and Management Symposium (NOMS 2004),April 2004.277~290.
  • 8[8]Fu Z,F u W S.Automatic Generation of IPsec/VPN Security Policies in an Intra-Domain Environment[M].12th International Workshop on Distributed Systems:Operations& Management (DSOM 2001),2001.

二级参考文献7

  • 1Laurence Cholvy,Fr′ed′eric Cuppens. Analyzing Consistency of Security Policies[C].In:Proceedings of the 1997 IEEE Symposium on Security and Privacy,IEEE Computer Society Press,1997
  • 2Carlos Ribeiro.Security Policy Consistencyp[R].Technical report,INESC,2000
  • 3Serban I Gavrila,John F Barkley. Formal specification for RBAC user/role and role relationship management[C].In:Proceedings of the Third ACM Workshop on Role Based Access Control,1998:81~90
  • 4Mavridis I,Pangalos G,Khair M.eMEDAC:Role-based Access Control Supporting Discretionary and Mandatory Features[C].In :Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security,Seattle,Washington, USA, 1999
  • 5M J Covington,M J Moyer,M Ahamad.Generalized role-based access control for securing future applications[C].In:proceedings of the 23rd national information systems security conference,2000
  • 6Sejong Oh,seogPark. An Improved Administration Method on RoleBased Access Control in the Enterprise Environment[J].Journal of information science and engineering,2001;17:921~944
  • 7Ferraiolo D,Sandhu R.Proposed NIST standard for role-based access control[J].ACM Transactions on Information and System Security,2001;4(3) :224~274

共引文献4

同被引文献10

引证文献3

二级引证文献9

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部