| Multi-level security technologies are widely used in high sensitive business and military fields. However, almost all the multi-level security systems are centralized. Logically, in these systems there is only one server that can deal with multi-level security operations, the end devices communicate with each other though the sever. The expansibility of the system is very poor, and the services that the system can provide are very limited. Therefore the system does not meet the rapid development of applications requirement.A distributed multi-level security network structure is given in IPv6/MIPv6 environment based on our modified IPSec protocol. Arbitrary sensitivity-level entities and arbitrary MLS servers are allowed to access the network, which provides an integrated and feasible method for distributed networks to provide multi-level security services. The network topology, components, security protocol for communications etc. are described in detail, especially, a modified IPSec supporting multi-level security, called Multi-level security MIPSec, is given. A new analysis method, reduction analysis method, is presented for multi-level security characteristics analysis. The correctness of our scheme has been proved.In order to verify the correctness and feasibility of Multi-level security MIPSec,Emulation for the functions and performance of the emulation based on NS2.28 has been done.The thesis expand the multi-level authorize,security label, source access authentication for enforcement and achieve the technical support for mobile sub-net. By configuring the network environment and running the simulation script,the analysis data shows that our distributed multi-level security network structure is correct and feasible and the performance of distributed multi-level security network meets the practical requirements. |
PDF Full Text Request