作　　者： ; ;

机构地区： 华南农业大学理学院应用数学系

出　　处： 《计算机工程与设计》 2008年第15期3852-3855,共4页

摘　　要： IPsec为信息在没有安全保护的网络中传递提供安全机制。但由于各种安全设备的安全策略描述不同,IPsec并没有被广泛采用。在分析各种异构网络和不同类型的通讯实体对通信安全要求的基础上,给出其IPsec安全策略的统一描述格式,以能够使各种安全设备、网络协调工作。在此条件下,给出设备、网络间策略冲突的简洁、高效的检测算法。最后,提出了一种策略协调算法,此算法能够提高网络的通信效率,并能够消除某些策略的冲突。 IPsecc can provides security for transmission of sensitive information over unprotected networks, however lt has not been wide used by security facilities from different manufacture because policies description ofthose security facilities are different. Based on analyzing security requirements about different manufactures and diversified networks, a set of standard IPsec policies description is presented, by witch different security facilities can configured and reconciled. Second, a mechanism to detect conflicts among IPsec policies are proposed, by which is more efficiency. Finally, how to reconcile security policies to improve efficiency and resolve conflicts among IPsec policies is discussed.

关 键 词： 网际协议安全 安全策略 策略描述 冲突检测 协调

领　　域： [自动化与计算机技术] [自动化与计算机技术]