| Multilevel security network, as a kind of special purpose network, has already fallen behind far away compared with the quick development of the scale and technology of Internet. Therefore, it is very urgent to set up a distributed multilevel security network based on TCP/IP protocols suite, the technology of access control based on multilevel security policies, and the function of encryption and authentication of IPSec.The security policies of BLP model are studied in the first place because it is widely used as a classical multilevel security policy model. In order to overcome the problem of lack of integrality of BLP model, a new model with enhanced integrality is proposed and its security is proved.Secondly, in order to apply multilevel security policies to prohibit the information flowing to untrusted destination, a new security policy model is proposed to support the mandatory access control to information flow in multilevel security network. The model has expanded the security policies with enhanced integrality of BLP model into multilevel security network.Thirdly, in order to protect data transmissions with IPSec technology in multilevel security network, two improved solutions are given to implement mandatory access control for per data package. The first one can provide terminal to terminal secure communications based on user authorization. The other can protect communications between processes based on process authorization.Finally, on the basis of the research on security architecture of multilevel security network, a deployment of distributed multilevel security network has been developed. Moreover, some key technologies are analyzed briefly, such as authentication technology, application of IPSec and the deployment of multilevel security policies.In a word, some key technologies of multilevel security network have been studied and stage achievements are obtained. The research is the basis for further study in this field. |
PDF Full Text Request