Abstract: Because traditional IPsec cannot solve the communication problem in a multilevel security (MLS) network environment, an IPsec scheme based on implicit security labels is proposed. By introducing implicit security labels, the IKE and ESP processing flows are modified so that each IPsec SA is bound to an implicit security label. When a labeled SA is negotiated, algorithms and keys of different strength are selected according to the sensitivity of the data to be protected, and labeled protection tunnels for multiple classification levels are built dynamically, achieving logical isolation and secure communication of data flows of different classification levels.
Key words:
multilevel security network,
implicit security label,
IPsec protocol,
access control,
labeled tunnel
Abstract: Focusing on the problem that traditional IPsec cannot support communication in a Multi-level Security (MLS) network, this paper presents an IPsec solution based on implicit security labels. The solution adds implicit security labels to IPsec, modifies the IKE and ESP protocol processing, binds each IPsec SA to an implicit security label, and selects algorithms and keys of different strength according to the sensitivity of the information being protected. It sets up labeled tunnels for different levels dynamically, and thereby achieves isolation of data streams of different levels and secure communication in MLS networks.
Key words:
Multi-level Security(MLS) network,
implicit security label,
IPsec protocol,
access control,
labeled tunnel
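To make the abstract's design concrete, the following is an added illustration (not the paper's implementation) of the three points it makes: each SA is bound to a security label that never travels in the packet, so the SPI alone implies the label at the receiver; the cryptographic suite is picked by the label's level when the labeled SA is negotiated; and a packet is delivered only if the label implied by its SPI matches the label of the flow it is being delivered to, which is what isolates the levels. The label lattice, the suite table, the ESP-like framing (SPI, sequence number, ciphertext, ICV) and the HMAC-based keystream are this example's own stand-ins, not the paper's protocol or a standard ESP cipher.

```python
"""Model of IPsec SAs bound to implicit security labels (added example)."""
import hmac
import secrets
import struct
from dataclasses import dataclass

# Constructed label lattice: a higher number means a more sensitive level.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Constructed suite table: (PRF hash, key length in bytes, ICV length in bytes).
# Stronger suites are assigned to higher levels, as the paper's negotiation does.
SUITE_BY_LEVEL = {
    0: ("sha1", 16, 12),
    1: ("sha256", 24, 16),
    2: ("sha256", 32, 16),
    3: ("sha512", 32, 32),
}


@dataclass
class LabeledSA:
    spi: int
    label: str          # the implicit label: bound to the SA, never sent on the wire
    prf: str
    enc_key: bytes
    auth_key: bytes
    icv_len: int
    seq: int = 0        # outbound sequence counter
    last_seen: int = 0  # inbound anti-replay high-water mark


class LabeledSAD:
    """Security Association Database. One instance stands in for the SAs shared
    by both gateways after negotiation, so it serves sender and receiver here."""

    def __init__(self):
        self.by_spi = {}
        self.by_label = {}

    def negotiate(self, label):
        """Stand-in for the labeled-SA negotiation in IKE: choose the suite by
        level, generate fresh keys, pick an unused SPI, bind the label to the SA."""
        prf, key_len, icv_len = SUITE_BY_LEVEL[LEVELS[label]]
        spi = secrets.randbelow(2**32 - 256) + 256  # avoid the reserved low SPIs
        while spi in self.by_spi:
            spi = secrets.randbelow(2**32 - 256) + 256
        sa = LabeledSA(spi, label, prf, secrets.token_bytes(key_len),
                       secrets.token_bytes(key_len), icv_len)
        self.by_spi[spi] = sa
        self.by_label[label] = sa
        return sa


def _keystream(sa, seq, n):
    """HMAC(enc_key, seq || counter) keystream: a stand-in for the negotiated cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(sa.enc_key, struct.pack(">II", seq, counter), sa.prf).digest()
        counter += 1
    return out[:n]


def esp_encapsulate(sad, label, plaintext):
    """Outbound: route the packet into the tunnel whose SA carries its label."""
    sa = sad.by_label.get(label)
    if sa is None:
        raise LookupError("no labeled tunnel negotiated for " + label)
    sa.seq += 1
    ks = _keystream(sa, sa.seq, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    hdr = struct.pack(">II", sa.spi, sa.seq)
    icv = hmac.new(sa.auth_key, hdr + ct, sa.prf).digest()[:sa.icv_len]
    return hdr + ct + icv


def esp_decapsulate(sad, packet, expected_label):
    """Inbound: return the plaintext, or None if the packet is dropped.
    The receiver learns the label only from the SPI, then enforces that it
    equals the label of the flow the packet is being delivered to."""
    if len(packet) < 8:
        return None
    spi, seq = struct.unpack(">II", packet[:8])
    sa = sad.by_spi.get(spi)
    if sa is None:                      # unknown SPI: no SA, hence no label
        return None
    if len(packet) - 8 < sa.icv_len:
        return None
    body, icv = packet[:-sa.icv_len], packet[-sa.icv_len:]
    expect = hmac.new(sa.auth_key, body, sa.prf).digest()[:sa.icv_len]
    if not hmac.compare_digest(icv, expect):
        return None                     # integrity failure
    if seq <= sa.last_seen:
        return None                     # replay
    if sa.label != expected_label:
        return None                     # level mismatch: the tunnels stay isolated
    sa.last_seen = seq
    ks = _keystream(sa, seq, len(body) - 8)
    return bytes(a ^ b for a, b in zip(body[8:], ks))


if __name__ == "__main__":
    sad = LabeledSAD()
    for lbl in LEVELS:
        sad.negotiate(lbl)
    pkt = esp_encapsulate(sad, "secret", b"constructed payload")
    print(esp_decapsulate(sad, pkt, "secret"))        # delivered
    print(esp_decapsulate(sad, pkt, "unclassified"))  # dropped: wrong level
```

The equality test on `sa.label` is what the abstract calls logical isolation; a system that instead wanted read-down semantics would replace it with a dominance check over the lattice. The ICV is verified before the label comparison so that an unauthenticated packet cannot be used to probe which levels a gateway serves.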
CLC number:
YANG Xiaohong (杨晓红), DU Xuehui (杜学绘), CAO Lifeng (曹利峰). Research on IPsec Based on Implicit Security Label[J]. Computer Engineering (计算机工程), 2011, 37(13): 109-112.