Linux Os And Ipsec-based Vpn Gateway - Research And Realization Of The Security Policy System

Security policy,which defines the security association to protect the communication between two entities,is an important part of the IPSec. This paper discusses some decisive factors and basic combinations of security policy and security association,proposes an architecture for security policy system,describes approaches for defining and representing security policy and security association,presents the integration of the Linux IP processing with the outbound and inbound policy through the Linux Netfilter. proposes the use of Radix tree for organizing the security policy database,the use of hash table for organizing the security association database,and the use of the PF_KEY protocol for the interface between applications and these two databases,specifies how to use the security policy system to provide security policy services. At last,this paper comments on policy correctness,correlation,reconciliation and conflict detection,and advises further work on security policy language,gateway discovery and policy protocol.