主动网络的体系结构与安全性研究

【作者】 李鑫；

【导师】 孙亚民；

【作者基本信息】 南京理工大学 ， 计算机应用技术， 2008， 硕士

【摘要】 主动网络是网络发展过程中出现的一门最新的技术,是下一代网络体系结构的理想解决方案。主动网络中传输的分组被称为主动分组,主动分组不仅带有数据信息和分组头部信息,而且还可以携带一段程序代码。有计算能力的主动网络中间节点(主动路由器、主动交换机)提供执行环境,解释并执行主动分组中携带的程序或者利用主动分组中携带的参数执行已经存在该节点上的程序。从而将传统网络的“存储——转发”的处理模式改为“存储——计算——转发”的处理模式。用户可以向网络节点插入自己定制的程序,以此来修改或者扩展网络的基础配置,从而实现快速、动态的部署新协议、提供新服务,使网络更具灵活性和可扩展性。本文通过对主动网络理论的深入研究,分析了主动网络体系结构的实现方式和主动网络面临的安全威胁,了解了主动网络体系的运行机制,总结了现今关于主动网络的主要研究成果。在ANTS体系结构上,提出了一种新的智能化主动网络传输系统(IANTS),采用了集成法和离散法相结合的方式实现,设计了主动分组的格式、主动代码的分发机制、主动代码的加载策略,在体系结构中设置了主动代码服务器和认证中心。对于采用集成法的分组,可以直接调用其中携带的程序执行;对于采用离散法的分组,可以根据加载策略,从代码服务器上下载代码到本地执行。IANTS还提供了可行的安全传输方案,采用了加密、鉴别、认证等技术来保证各个网络实体相互之间的安全通信。采用JAVA编程语言对系统模块进行了编程实现,以ANTS作为执行环境、JANOS作为节点操作系统对系统进行了测试。IANTS体系结构体现了主动网络的灵活性、安全性,并且有较高的性能。更多还原

【Abstract】 Active network is one of the newest technologies arisen in the course of the network development,it is the ideal solution of the next generation’s network architecture.The packet transmitted in the active network is called active packet, it carries not only the data information and the header information,but also a section of code.The active node(active router,active switch) which has the ability of computing provides a executive environment, interprets and executes the code carried in the active packet,or executes the code existed in the node with the parameters carried in the active packet. It changes the network processing mode from "storage -forward" to "storage - compute-forward". The user can insert his own program to the node in order to modify or expand the basis of network configuration,deploy the new protocol and provide new service dynamic and rapidly,enable the network to have more flexibility and extendibility.Through the in-depth research of active network, this article analyses implement method of active network’s architecture and the security threats,realizes the operating mechanisms, sums up the current main research results on active nerwork.Based on ANTS architecture, we propose a new Intelligent Network Transmission System (IANTS),use the combining way of integrated method and discrete method.IANTS designs the format of the active packet,the deployment and loading strategy of active code.IANTS has the code server and CA.For the integrated method, node can call the code directly from zhe packet; for the discrete method, based on loading strategy, when needed , to download the code from the CS.IANTS also presents a security transfer method, use the technologies of encryption, identification, authentication to secure communications between different entities.Using JAVA programming language to implements the modules of IANTS system..Test the system based on ANTS Executive Environment and JANOS Node Operation System.IANTS architecture reflects the active network’s flexibility,security, and a higher degree of performance.更多还原