【作者】 曾新洲；

【导师】 王勇军；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2006， 硕士

【摘要】 随着电子邮件的广泛应用,公司、企业内部网络通过SMTP代理服务器与外界进行邮件交流越来越频繁,人们在享受益处的同时,也要面对电子邮件带来的安全方面的挑战。如何有效地防止病毒入侵,如何有效地防止机密泄露,正日益引起重视,迫切需要建立一种安全可靠的机制来保障内部邮件系统的安全运行,网络隔离技术应运而生,网络隔离技术能有效地隔离内外网络,保证内外网络数据的安全传输。本文对面向安全隔离的SMTP透明代理服务器技术进行了深入的研究,着重讨论了其关键技术之一――线程池。论文首先介绍了面向安全隔离的SMTP透明代理相关技术,分析了透明代理的优点,并提出了面向安全隔离的透明代理服务器的总体结构、组成和主要功能。其次,对透明代理服务器中的关键技术――透明模式和并发应用服务进行了深入研究,归纳分析了当前的多线程技术,提出了一种新型的线程池技术――扩展线程池。对扩展线程池的形式化分析表明,该技术相对于传统线程池技术,扩展线程池在满足并发连接的基础上,具有更高的吞吐量,可更好地满足代理服务器的性能要求。然后,本文对面向安全隔离的SMTP透明代理服务器实现技术进行了研究,着重讨论了其具体的实现流程、配置管理模块、访问控制模块、协议解析模块、内容过滤模块和日志审计模块,并在此基础上实现了一个原型系统。最后,对该系统的功能和性能进行了测试,测试结果表明了面向安全隔离的SMTP透明代理服务器技术的有效性,并对进一步的研究进行了展望。更多还原

【Abstract】 With the wider use of e-mail, communication between enterprises and outsideworld become more and more frequent by E-mail which is exchanged through SMTPproxyservers.Peoplefacethesecuritychallenges whilethey enjoythebenefits.Howtoeffectively prevent virus attacks, how to effectively prevent the leakage of secrets, arebecoming more and more attention. It’s a very urgent need to establish a safe andreliable mechanism to protect the safe operation of the internal mail system. Networkisolation technologyhasemerged, which effectivelyisolates inside network andoutsidenetwork and ensures security of network data transmission. In this paper, the SMTPtransparent proxy server for security isolation has been studied in-depth, and one ofkeytechnologies-ThreadPool,hasbeenemphasizedon.Firstly, technologies of SMTP transparent proxy server for security isolation wereintroduced. The merits of transparent proxy were analyzed, and then the architecture,constitutionand main function of SMTP transparent proxy server for security isolationwasproposed.Secondly, the paper studied transparent model and the concurrent applicationserver technology in-depth, analyzed the current multithreading technology, thenproposeda new technology of thread pool -- expanded thread pool. Formalanalysis ofthe expanded thread pool, indicated that technology could get higher throughput whilefulfillingtheneedofconcurrentconnections,andgetbetterperformancethantraditionalthreadpooltechnologies.Then, the implementation of transparent proxy server for security isolation wasstudied. The paper discussed emphatically its concrete realization flow, configurationmanagement module, access control module, protocol processing module, contentfilteringmoduleandauditlogmodule.Andaprototypesystemhasbeenimplemented.Finally, the function and performance of the prototype system was tested, andanalyze the results. At the same time, we get further research in the future on theexistingbasis.更多还原