• 研究论文 • 上一篇    下一篇



  1. (1. 西安电子科技大学 机电工程学院,陕西 西安 710071;
    2. 西安电子科技大学 通信工程学院,陕西 西安 710071)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-04-20 发布日期:2008-03-28
  • 通讯作者: 李小平

Research on the multi-hierachy and multi-domain security policy system in IPv6 networks

LI Xiao-ping1;WU Qiong1;DONG Qing-kuan2;LIU Yan-ming2

  1. (1. School of Mechano-electronic Engineering, Xidian Univ., Xi′an 710071, China;
    2. School of Telecommunication Engineering, Xidian Univ., Xi′an 710071, China)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-04-20 Published:2008-03-28
  • Contact: LI Xiao-ping

摘要: 为了解决IPv6网络中基于策略驱动的网络安全问题,构建一个以整体安全策略为核心的下一代网络安全体系,提出了统一管理、分布式控制的多级多域安全策略系统.该系统中心策略统一配置、各域根据自身安全需求下载安全策略,本地策略协商配置.并从系统框架和实现方案分别给出了详尽的描述,在理论上证明了系统方案的可实现性.该系统比较灵活,具有一定的可扩展性,适合基于安全域的策略管理需求.

关键词: IPSec策略, 安全策略管理, 安全系统, IPv6

Abstract: In order to solve security problems based on the policy and construct a security-policy-based network security architecture in IPv6 networks, a multi-hierarchy and multi-domain security policy system in which the central policies are uniformly stored, distributed domain by domain and local policies are obtained by negotiation is presented. The frame of the system and its realization scheme are designed in detail and the feasibility of the system is theoretically verified. The system which is flexible and expansible fits the requirements of policy management based on the security domain.

Key words: IPSec policy, security policy management, security systems, IPv6


  • TP393.02