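Graduate student: 陳建穎
Graduate student (English name): Jian-Ying Chen
Thesis title: 安全可調式網路閘道器:安全及效能互動
Thesis title (English): Security-State Adjustable Gateway: Security Versus Performance
Advisor: 郭大維
Advisor (English name): Tei-Wei Kuo
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92
Language: English
Number of pages: 36
Chinese keywords: secure gateway; security state; performance; security; security mechanism
Foreign-language keywords: security state; security; secure gateway; security mechanism; performance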
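This thesis proposes a security-adjustable network gateway. The secure gateway allows system administrators to dynamically adjust the system's security mechanisms at run time. The architecture lets the system security state be set according to the threats faced, and each security state is designed around the security mechanisms that overcome the corresponding threats; administrators therefore do not need to attend to the details of which threat each individual security mechanism overcomes. In addition, the secure gateway can automatically adjust the system's security state according to the threats it encounters. When the system is not under threat, certain security mechanisms are automatically turned off, without violating the default security state, to obtain higher performance; when the system detects certain threats, the necessary security mechanisms are automatically turned on to protect the system.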
This thesis proposes a configurable secure gateway architecture that allows system administrators to dynamically configure the security mechanisms upon deployment or at run time. Rather than allowing the system administrators to turn individual security mechanisms on or off, the proposed architecture allows the users to configure the gateway based on the security threats to be overcome. The system systematically reconfigures the security mechanisms according to the selected security threats, so the system administrators do not need to know which security mechanisms should be turned on or off. In addition, the system can adjust the security state of the system based on the performance of the gateways. When the system is not under attack, certain security mechanisms can be turned off to improve the performance of the gateway. However, when certain attacks occur, the system can automatically turn on the necessary security mechanisms.
Contents
List of Tables
List of Figures
1 Introduction
2 Secure Gateway based on Common Criteria
2.1 Common Criteria
2.1.1 Security Target and Protection Profile
2.2 Security Threats
2.3 Security Objectives and Security Requirements
3 System Design and Implementation
3.1 System Architecture
3.2 State Configuration and Transition
3.3 Implementation challenges
4 Performance Evaluation
4.1 Experimental setting, workload generation, and performance metrics
4.2 Results and Analysis
5 Conclusion
5.1 Conclusion
5.2 Future Work