中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
网络层安全的设计和实现的研究
作者: 谢海永
答辩日期: 2000
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 网络层安全 ; 嵌入式系统 ; 网间设备
摘要: 目前,Internet正在经历着飞速的发展,极大和深远地影响着人们的生活方式和社会的运行模式。然而,在现有的信息基础设施中,存在着巨大的安全隐患。安全问题从Internet开始出现那一刻起,就成为困扰所有Internet用户的重大问题。本论文主要论述在IPv4协议中加入网络层安全机制。在论文中,分析了安全机制在网络各层的实现代价,并着重分析了在网络层实现相应安全机制的可行性;然后提出了一种可移植性、开放性、和设备无关性良好的设计思路,并描述了在一个具体操作系统上修改核心网络层、实现网络层安全的过程。全文共分五章来讨论对网络层安全的研究和实现。第一章分析了安全问题在网络发展中的地位。指出了在网络各层实现安全机制的可行性、必要性。第二章主要是分析在网络层实现安全机制的解决方案,和IETF制定的网络层安全标准。在第三章中阐述了在Linux上实现网络层安全的设计和实现,它由IPSec虚拟网络设备模块、IPSec核心控制界面模块、IPSec核心安全策略模块、加密算法模块、认证算法模块、IPSec调试模块以及外部IPSec管理程序模块构成。最后,阐述了对这种实现的结构和性能分析。第四章主要是描述了网络层安全的一个人具体应用实例,即在ISDN-Internet网间互联设备上实现网络层安全,以实现VPN技术的实例。然后对这种实现作了性能分析。第五章重点是对在网络层实现安全机制的总结,指出了改进和未来的发展方向。第六章是结束语。
英文摘要: Now Internet has been experiencing rapidly growth and international corporations, large companies, small companies, and personal users are all getting access to it, to make it worse, most of them are making money from Internet. So emerge the problems: SECURITY. Security has been the most important problem since Internet began to expand. It has brought tremendous influences on all of the Internet users. This paper mainly deals with how to solve most of the security problem neatly and simply in the network layer. As we know, security properties can be provided on different levels. From the highest level, which is application and user level, to the level of physical layer, e.g. Ethernet, can security be implemented. The paper is divided into several chapters as follow: The first chapter shows the background of network security problems, points out that there are almost next to no security mechanisms in the current and popular IPv4 implementations. Then it explores the possibility and necessity of implementing security mechanisms in each level of network. The second chapter deals with implementation of security properties in the IP level or network level. Firstly, I introduced some simple thoughts and realizations in this area. Then I will describe the IP security standards in details. Then comes the third chapter, which is the main body of the thesis. In this chapter, I pay every effort to describe how to implement IP security in a real operating system, i.e. Linux, in detail. To make it neat and easy to be understood, I separate the system into several modules: IPSec virtual device module, IPSec kernel support/control interface module, IPSec kernel security policy module, IPSec cryptographic algorithms module, IPSec authentication algorithms module, and userlevel IPSec management module. Only the last module resides and runs in the user space of the OS. Other modules are all kernel-space modules. After the details. I will describe the performance analysis of the implementation and give some optimizations. In chapter 4, I apply the IP security system into an existing network environment, which consists of our testing bed for network applications. It is an important application since only in the simulated real network world can I test the system's performance, bugs, and other properties. Chapter 5 draws the conclusion. It assess the implementation generally, points out the defects of the current implementation which is described as above, and indict the future directions of the system.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/6938
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW002131.pdf(1519KB)----限制开放-- 联系获取全文

Recommended Citation:
谢海永. 网络层安全的设计和实现的研究[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2000-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[谢海永]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[谢海永]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace