Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (14): 127-129.

• Network, Communication and Security •

Distributed configuring method for IPSec gateways

TANG Yi1,2, ZHANG Lian-kuan3

  1. Department of Information Sciences, Guangzhou University, Guangzhou 510405, China
  2. Guangdong Key Laboratory of Information Security Technology, Zhongshan University, Guangzhou 510275, China
  3. Department of Mathematics, South China Agricultural University, Guangzhou 510642, China
  • Received: 2007-08-27 Revised: 2007-11-05 Online: 2008-05-11 Published: 2008-05-11
  • Contact: TANG Yi

Abstract: One application scenario for IPSec is to partition a network into segments with IPSec gateways and to implement the secure-communication requirements through the policies configured on those gateways. However, overlapping IPSec policies (tunnels) may cause network traffic to loop back, which introduces policy conflicts and breaks the security requirements. A distributed configuration method for IPSec gateways, named DistIPSec and based on a multi-agent system, is proposed. It automatically generates a conflict-free set of IPSec policies in a distributed manner and so avoids the single point of failure that weakens centralized generation methods. Simulated experiments show the feasibility of the proposed method.

Key words: IPSec configuration, distribution, policy conflict and resolution