Active Network is a next-generation Internet architecture proposed by the U.S. Defense Advanced Research Projects Agency (DARPA). It replaces traditional passive data packets with executable mobile program code, and active nodes dynamically load this code to publish and deploy protocols and services dynamically, which makes the architecture highly extensible and dynamically programmable. This paper uses the computing capability of mobile program code in an active network: ASPKN (Active Security Policy Key Negotiation) and ASPE (Active Security Policy Enable) program code replaces traditional policy update requests. When the policies on the policy server are updated, the policy server uses this program code to deploy the updated security policy quickly to every node, keeping each node's security policy up to date and consistent. Adding nodes to the VPN does not increase the load on the policy server, so the scheme scales well. The paper also gives a corresponding proof of the security of the proposed protocol.