| 主动网络信包验证和代码授权机制研究 |
| |
| 引用本文: | 周恒琳,李增智. 主动网络信包验证和代码授权机制研究[J]. 微电子学与计算机, 2004, 21(7): 112-116 |
| |
| 作者姓名: | 周恒琳 李增智 |
| |
| 作者单位: | 西安交通大学系统结构与网络所,陕西,西安,710049 |
| |
| 基金项目: | 国家自然科学基金资助项目(60173059) |
| |
| 摘 要: | 本文提出了运用认证和授权方式来解决主动网络所面临的安全问题,利用X509证书、数字签名、jaVa语言安全以及Java认证和授权服务等实现了一个主动网络的信包认证和代码授权机制,并在原主动信包的基础上设计了安全主动信包。其中,信包验证包括了对主动信包的身份认证和完整性验证,主要是为了解决非法节点向主动节点发送恶意代码或者中途篡改主动信包的问题;代码授权包括了对EE代码的授权和对主动信包代码的授权,通过限制外来代码在主动节点上的活动来避免其对主动节点造成危害性后果。
|
| 关 键 词: | 主动网络 安全主动信包 验证 授权 JAAS 策略 证书 签名 |
| 文章编号: | 1000-7180(2004)07-112-05 |
| 修稿时间: | 2004-01-09 |
Research of the Packet Authentication and Code Authorization Mechanism for Active Networks |
| |
| ZHOU Heng-lin,LI Zeng-zhi. Research of the Packet Authentication and Code Authorization Mechanism for Active Networks[J]. Microelectronics & Computer, 2004, 21(7): 112-116 |
| |
| Authors: | ZHOU Heng-lin LI Zeng-zhi |
| |
| Abstract: | The paper represents how to utilize the authentication and authorization theory to resolve the secure problem of the active network. A packet authentication and code authorization mechanism for active network is realized, with the application of the digital certificate and signature technology, the security system of the Java language, as well as the Java Authentication and Authorization Service; In addition, the secure active packet is designed to collaborate with this mechanism. The packet authentication module authenticates the identity of the active packet and checks the integrality of the packet in order to prevent illegal active node from sending baleful code or juggling the active packet midway. The code authenticate module includes authentication of the Executive Environment's code and authentication of the active packet's code. It avoids the ruinous effect on active node by restricting the action of the extraneous code in the active node. |
| |
| Keywords: | Active network Secure active packet Authentication Authorization JAAS Policy Certificate Signature |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
