IPsec/VPN security policy correctness and assurance

Yanyan Yang; Charles U. Martel; Zhi (Judy) Fu; Shyhtsun Felix Wu

首页> 外文期刊>Journal of High Speed Networks >IPsec/VPN security policy correctness and assurance

【24h】

IPsec/VPN security policy correctness and assurance

机译：IPsec / VPN安全策略的正确性和保证

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

With IPsec/VPN policies being widely deployed, how to correctly specify and configure them is critical in enforcing security requirements, especially among different administrative domains across the Internet. Under current practice, IPsec/VPN policies are specified individually by system administrators from different organizations without any formal coordination. This practice implies unintentional errors due to inconsistent IPsec/VPN policies. Furthermore, Internet routing dynamics may possibly interfere with IPsec/VPN policies such that unexpected conflicts occur due to a mismatch between the routing and IPsec/VPN layers. To deal with these problems, we formally define IPsec security requirements, policies, and their correctness criteria. Based on these definitions, we present an inter-domain architecture to automatically generate correct and efficient security policies. Our approach works when we are given a set of security requirements for a single end-to-end traffic flow. We can also deal with changes when new security requirements are added. Finally, we present simulation results which evaluate the performance of our solutions.

机译：随着IPsec / VPN策略的广泛部署，如何正确地指定和配置它们对于实施安全要求至关重要，特别是在Internet上不同管理域之间。在当前的实践中，IPsec / VPN策略由来自不同组织的系统管理员分别指定，没有任何正式协调。由于IPsec / VPN策略不一致，这种做法意味着意外的错误。此外，Internet路由动态可能会干扰IPsec / VPN策略，从而由于路由和IPsec / VPN层之间的不匹配而发生意外冲突。为了解决这些问题，我们正式定义了IPsec安全要求，策略及其正确性标准。基于这些定义，我们提出了一种域间体系结构，以自动生成正确且有效的安全策略。当为单个端到端流量提供了一组安全要求时，我们的方法就会奏效。添加新的安全要求后，我们还可以应对更改。最后，我们给出了仿真结果，用于评估解决方案的性能。

著录项

来源
《Journal of High Speed Networks》 |2006年第3期|p.275-289|共15页
作者
Yanyan Yang; Charles U. Martel; Zhi (Judy) Fu; Shyhtsun Felix Wu;
展开▼
作者单位

Department of Computer Science, University of California, Davis, USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
IPsec/VPN security policy; security requirement; security policy correctness; security policy management; security policy assurance;

机译：IPsec / VPN安全策略;安全要求;安全策略正确性;安全策略管理;安全策略保证;

相似文献

外文文献
中文文献
专利

1. Implementing IPsec — making security work on VPNs, intranets and extra nets [J] . Elizabeth Kaufman, Andrew Newman Computer Fraud & Security . 2000,第7期

机译：实施IPsec —使安全性在VPN，Intranet和附加网络上发挥作用
2. A mechanism of policy-based security control in communication between VPNs [J] . Isamu Imaida, Kaori Isagai, Junichir Murayama 電子情報通信学会技術研究報告. 交換システム . 2000,第298期

机译：VPN之间通信中基于策略的安全控制机制
3. A mechanism of policy-based security control in communication between VPNs [J] . Isamu Imaida, Kaori Isagai, Junichir Murayama 電子情報通信学会技術研究報告. 情報ネットワ-ク. Information Networks . 2000,第300期

机译：VPN之间通信中基于策略的安全控制机制
4. Efficient Algorithms for Dynamic Detection and Resolution of IPSec/VPN Security Policy Conflicts [C] . Niksefat S., Sabaei M. IEEE International Conference on Advanced Information Networking and Applications;AINA 2010 . 2010

机译：动态检测和解决IPSec / VPN安全策略冲突的高效算法
5. IPsec/VPN security policy engineering: Automatic generation and conflict detection. [D] . Yang, Yanyan. 2006

机译：IPsec / VPN安全策略工程：自动生成和冲突检测。
6. Are social security policies for Chinese landless farmers really effective on health in the process of Chinese rapid urbanization? a study on the effect of social security policies for Chinese landless farmers on their health-related quality of life [O] . Ying Liang, Wanyi Lu, Wei Wu 2014

机译：在中国快速的城市化进程中针对中国失地农民的社会保障政策真的对健康有效吗？中国失地农民的社会保障政策对其健康相关生活质量的影响研究
7. IPSec/VPN security policy: Correctness, conflict detection and resolution [O] . Zhi Fu, S. Felix Wu, He Huang, 2001

机译：IPSec / VPN安全策略：正确性，冲突检测和解决

IPsec/VPN security policy correctness and assurance

摘要

著录项

相似文献

相关主题

期刊订阅