• Paper •

Research on the Security Technology of Virtual Application Networks

CHEN Xing-shu, SHEN Chang-xiang

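  1. 1. College of Computer Science, Sichuan University, Chengdu, Sichuan 610064; 2. Naval Institute of Computing Technology, Beijing 100841
  • Publication date: 2004-11-15 Release date: 2004-11-25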

Research on security technology of virtual application network

CHEN Xing-shu, SHEN Chang-xiang   

  1. 1. Coll. of Computer, Sichuan Univ., Chengdu 610064, China; 2. Inst. of Navy Compute Tech., Beijing 100841, China
  • Online: 2004-11-15 Published: 2004-11-25

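Abstract: To address the problem of how, in information system integration, different applications and different network structures can share and integrate information effectively while also safeguarding the security of the information system itself, the concept of the virtual application network is proposed. The network draws on the basic working principle of the circuit-level proxy and takes the session data flows of application protocols as its object in order to control and manage the information system. The paper describes key technologies including how to implement a unified, simple authentication and management platform, how to implement fine-grained access control that is relatively independent of application protocols, and how to combine the role-based access control mechanism effectively with fine-grained access control. Through the research and implementation of the virtual application network, a secure, unified and transparent network application platform can be provided for integrated information systems.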

Keywords: virtual application network, circuit-level proxy, fine-grained access control, semantics, role-based access control

Abstract: To address how different applications and different network frameworks can be integrated in an information system so that information is shared and integrated while security is assured at the same time, the concept of the Virtual Application Network (VAN) is proposed. The concept adopts the basic theory of the circuit-level proxy. Taking the session data flows of application protocols as its object, VAN controls and manages integrated information systems. Several key technologies are described: how VAN implements a uniform and simple platform for authentication and management, how VAN implements fine-grained access control that is independent of the various application protocols, and how Role-Based Access Control (RBAC) is combined effectively with fine-grained access control. Through the research and implementation of VAN, a secure, uniform and transparent network application platform can be provided for integrated information systems.

Key words: virtual application network, circuit level proxy, finely granular access control, semantic, role-based access control

CLC number: