| 面向应用的IPSec系统策略管理机制 |
| |
| 引用本文: | 周辉,程东年,权乐.面向应用的IPSec系统策略管理机制[J].计算机工程与科学,2007,29(5):15-18. |
| |
| 作者姓名: | 周辉 程东年 权乐 |
| |
| 作者单位: | 信息工程大学信息工程学院,河南,郑州,450002 |
| |
| 摘 要: | 针对现有IPSec系统策略机制的不足,本文提出了一种面向应用的IPSec系统策略管理机制,通过监视应用程序的socket活动,实时地设置好相应的IPSec策略,对IP流实施细粒度的、不同等级的保护;同时,提供高级语言形式的策略设置语句,以满足用户添加和修改细粒度IPSec策略的需要;提供解决策略冲突的算法,将相互冲突的需求转化为无冲突的策略。该机制可以提高现有IPSec系统的性能,使其更好地满足网络实际环境的需要。
|
| 关 键 词: | IPSec策略 策略冲突 socket监控 消除冲突 |
| 文章编号: | 1007-130X(2007)05-0015-04 |
| 修稿时间: | 2006-10-102006-11-28 |
An Application-Oriented IPSec System Policy Management Mechanism |
| |
| ZHOU Hui,CHENG Dong-nian,QUAN Le.An Application-Oriented IPSec System Policy Management Mechanism[J].Computer Engineering & Science,2007,29(5):15-18. |
| |
| Authors: | ZHOU Hui CHENG Dong-nian QUAN Le |
| |
| Affiliation: | School of Information Engineering, Information Engineering University, Zhengzhou 450002, China |
| |
| Abstract: | In view of the flaws of the existing IPSec system policy mechanisms,this paper presents an application-oriented IPSec system policy management mechanism.By monitoring the socket activities of the application layer,we create the corresponding IPSec policy in a real-time manner,and provide different grades of fine-grained protection for the IP flow.We also present the expressions of policy setting that uses a high-level language form,in order to satisfy the users'needs to add,change and delete the fine-grained IPSec policy.In addition,we give an algorithm to resolve the policy conflicts,and transform the conflicting policies into conflict-free ones.The mechanism can improve the performance of the existing IPSec,so it can meet the actual network environment better. |
| |
| Keywords: | IPSec policy policy conflict socket monitoring conflict removal |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
