Institutional Repository
| 基于IPSec协议的路由器中安全系统的研究与实现 | |
| Alternative Title | Research on and Implementation of the security environment of the Security Router with IPSec |
| 李卿 | |
| Major | 计算机应用技术 |
| 2004 | |
| Degree Grantor | 中国科学院软件研究所 |
| Degree Level | 博士 |
| Place of Degree Grantor | 中国科学院软件研究所 |
| Keyword | 路由器 访问控制 审计 |
| English Abstract | 近年来,INTERNET得到了飞速的发展,广泛的渗入到个人和社会的各个方面,越来越多的信息需要通过取TERNET来传输,其中就包括大量的敏感、机密的信息。然而,INTERNET本身的基础设施中存在着巨大的安全隐患。所以,IPSec协议作为IP网络中的安全协议被提出来,以解决IP层的安全通信问题。基于IPSec协议的路由器的目的就是以IPSec的实现为基础,提供网络信息的安全通信。本文将根据基于IPSec协议的路由器本身以及提供的服务存在的安全隐患,分析当前的安全技术,阐述如何搭建一个在能够保证自身安全的前提下提供安全服务的基于IPSec协议的路由器的方法。基于IPSec协议的路由器的安全保障由路由器中的访问控制系统、密钥管理系统、审计系统、安全服务策略系统、智能诊断系统以及IPSec实现共同提供。本文将详细介绍针对这些系统的研究与实现。并且在访问控制方面,本文还针对现有的层次化RBAC模型中角色更改困难的问题提出了自己的角色分离的层次化曲AC模型。本文组织如下:第一章简要介绍系统安全和基于IPSec协议的路由器;第二章介绍了基于IPSec协议的路由器的安全系统框架;第三章介绍路由器中的访问控制系统;第四章介绍了路由器中的密钥管理系统;第五章介绍了路有器中的审计系统:第六章介绍了路由器中的安全服务策略系统;第七章介绍了路由器中的智能诊断系统;第八章总结了全文,并且提出了对下一步工作的展望。 |
| Abstract | In recent years, Internet has been experiencing rapidly growth and infiltrating into many aspects of person and society. More and more information have been transported via Internet, including a large amount of sensitive and confidential information. The infrastructure of Internet, however, has many security hidden troubles. IPSec has been proposed as the security protocol of the IP network, to provide IP security. The Router with IPSec is meant to provide security communication on the basis of the IPSec implementation. To eliminate the hidden trouble existing in the Security Router and the service it provides, the paper demonstrates a building for the security environment of the Router on the basis of comparing the state-of-the-art, which can protect the Router providing security service. The security environment of the Router with IPSec is provided by the cooperation of access control system, key management system, audit system, security service strategy system, intelligent diagnosis system and IPSec implementation. The paper will deliberately introduce the research and implementation of these systems. Besides, the paper proposes a Hierarchy RBAC Model Based on Separation of Duties to solve the difficulty of altering the roles in Hierarchy RBAC Model. The paper is organized as this: The first chapter introduces system security and the Security Router with IPSec; The second chapter introduces the security architecture of the Security Router system; The third chapter introduces the access control system of the Security Router; The fourth chapter introduces the key management system of the Security Router; The fifth chapter introduces the audit system of the Security Router; The sixth chapter introduces the security service strategy system of the Security Router; The seventh chapter introduces the intelligent diagnosis system of the Security Router; The eighth chapter gives a conclusion and indicts the future directions of the system. |
| Pages | 69 |
| Language | 中文 |
| Content Type | 学位论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/5648 |
| Collection | 中科院软件所_中科院软件所 |
| Recommended Citation GB/T 7714 | 李卿. 基于IPSec协议的路由器中安全系统的研究与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所,2004. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| LW014056.pdf(2811KB) | 限制开放 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment