An application-layer based centralized information access control for VPN
Cite this article: 欧阳凯, 周敬利, 夏涛, 余胜生. An application-layer based centralized information access control for VPN[J]. 浙江大学学报(A卷英文版), 2006, 7(2): 240-249. DOI: 10.1631/jzus.2006.A0240
Authors: 欧阳凯, 周敬利, 夏涛, 余胜生
Affiliation: School of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074, China
Funding: Project (No. 60373088) supported by the National Natural Science Foundation of China
Abstract: INTRODUCTION AND BACKGROUND In the last decade, as the Internet has become a popular low-cost backbone infrastructure, many organizations and companies use it to establish their secure private network, which is known as VPN (Virtual Private Network) technology (Cohen, 2003). Generally, VPN implements confidentiality of data, message integrity and endpoint authentication by means of security protocols (such as IPSec: IP Security (Kent and Atkinson, 1998) and TLS/SSL: Transport Lay…

Keywords: Virtual private network; Information access control; Centralized management; Application layer; VPN
Received: 2004-12-23
Revised: 2005-04-04

Kai Ouyang, Jing-li Zhou, Tao Xia, Sheng-sheng Yu. An application-layer based centralized information access control for VPN[J]. Journal of Zhejiang University Science, 2006, 7(2): 240-249. DOI: 10.1631/jzus.2006.A0240
Authors: Kai Ouyang, Jing-li Zhou, Tao Xia, Sheng-sheng Yu
Affiliation: (1) School of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan, 430074, China
Abstract: With the rapid development of Virtual Private Network (VPN), many companies and organizations use VPN to implement their private communication. Traditionally, VPN uses security protocols to protect the confidentiality of data, the message integrity and the endpoint authentication. One core technique of VPN is tunneling, by which clients can access the internal servers through the VPN. However, the tunneling technique also introduces a concealed security hole: if a malicious user can establish a tunnel through the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPN to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques of ACIAC: the centralized management mechanism and the stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. Through these two centers we provide an abstract access control mechanism, and the concrete access control decision can be made dynamically by ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream, so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
Funding: Project (No. 60373088) supported by the National Natural Science Foundation of China
Keywords: Virtual private network; Access control; Tunneling; Centralized management; Stream
This article is indexed in CNKI, VIP, Wanfang Data, SpringerLink and other databases.