Co-Investigator (Kenkyū-buntansha)

- YAMAI Nariyoshi, Okayama University, Computer Center (Integrated Information Processing Center), Associate Professor (90210319)
- ABE Kota, Osaka City University, Media Center (Academic Information Center), Lecturer (40291603)
- MATSUURA Toshio, Osaka City University, Media Center (Academic Information Center), Professor (40127296)

Research Abstract
Establishing a VPN connection with existing VPN technology requires IP-level reachability to the destination security gateway. Consequently, if security domains (network domains that share one security policy and are separated from other domains by security gateways) are organized hierarchically, no VPN connection can be established, because external computers cannot reach the inner security gateways directly. To solve this problem, we have proposed a method that allows VPN connections to be established in such an environment by traversing the security gateways. To demonstrate and evaluate the proposed method, we have implemented it using SOCKS5. We have also proposed and implemented a method for managing each security domain's access policy separately and effectively. In our method, the access policy, which consists of per-user availability and authentication requirements, is managed as a tree structure that follows the security domain hierarchy. Because access policy is propagated automatically from an inner domain to the outer domains, an inner domain's administrator can change their access policy freely without involving the outer domain's administrator. To evaluate this method, we have implemented a policy server that looks up access policy and distributes it to the security gateways. Access policy is stored in distributed, hierarchical databases using LDAP (Lightweight Directory Access Protocol) servers.
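The tree-structured policy propagation described above, modeled as an added Python example. This is not code from the project: the shape of a domain's policy (a set of permitted users plus a set of authentication requirements), the combination rule used when crossing several gateways (intersect the user sets, union the authentication requirements), and the campus/dept/lab sample hierarchy are all assumptions made for illustration. The point it shows is that, once inner policies have been propagated outward, the outermost gateway can decide a request on its own, and a change made by the innermost administrator reaches it by re-propagation alone.

```python
"""Toy model of access-policy propagation across a security-domain hierarchy.

Assumed model (constructed for this example, not the project's format):
a security domain is a node in a tree; the root is the outermost domain
and children are inner domains behind their own security gateways.
Each domain's administrator sets only a local policy:
  - allowed_users: user names permitted to traverse this domain's gateway
  - auth: authentication requirements this gateway imposes
Propagation runs inner -> outer, so an outer gateway can answer
"may user U reach domain D, and which authentication must I demand?"
from its propagated view alone.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Policy:
    allowed_users: Set[str]
    auth: Set[str]

    def combine(self, inner: "Policy") -> "Policy":
        # Crossing this gateway and then an inner one: the user must be
        # allowed by both, and must satisfy both sets of auth requirements.
        return Policy(self.allowed_users & inner.allowed_users, self.auth | inner.auth)


@dataclass
class Domain:
    name: str
    local: Policy
    children: List["Domain"] = field(default_factory=list)
    # Propagated view: target domain name -> effective policy from here inward.
    view: Dict[str, Policy] = field(default_factory=dict)

    def add(self, child: "Domain") -> "Domain":
        self.children.append(child)
        return child

    def propagate(self) -> Dict[str, Policy]:
        """Bottom-up pass: each domain's view covers itself and every domain inside it."""
        self.view = {self.name: Policy(set(self.local.allowed_users), set(self.local.auth))}
        for child in self.children:
            for target, inner_policy in child.propagate().items():
                self.view[target] = self.local.combine(inner_policy)
        return self.view

    def authorize(self, user: str, target: str) -> Tuple[bool, Set[str]]:
        """Decision a gateway makes locally: (permitted?, auth it must require)."""
        policy = self.view.get(target)
        if policy is None:
            return False, set()  # target is not inside this domain, or not yet propagated
        return user in policy.allowed_users, set(policy.auth)


def find(root: Domain, name: str) -> Optional[Domain]:
    """Locate a domain by name (used to simulate an inner admin editing policy)."""
    if root.name == name:
        return root
    for child in root.children:
        found = find(child, name)
        if found is not None:
            return found
    return None


def build_example() -> Domain:
    # Constructed sample hierarchy: campus -> dept -> lab, each with its own gateway.
    campus = Domain("campus", Policy({"alice", "bob", "carol"}, {"password"}))
    dept = campus.add(Domain("dept", Policy({"alice", "bob"}, {"password"})))
    dept.add(Domain("lab", Policy({"alice"}, {"otp"})))
    campus.propagate()
    return campus


if __name__ == "__main__":
    campus = build_example()
    print("alice -> lab:", campus.authorize("alice", "lab"))  # permitted, needs password+otp
    print("bob   -> lab:", campus.authorize("bob", "lab"))    # refused at the outer gateway
    # The lab's administrator admits bob and adds a requirement; re-propagating
    # updates the campus gateway's view without the campus admin touching anything.
    find(campus, "lab").local = Policy({"alice", "bob"}, {"otp", "client-cert"})
    campus.propagate()
    print("bob   -> lab:", campus.authorize("bob", "lab"))
```

In the page's architecture the propagated view would be what the policy server looks up in LDAP and pushes to each gateway; here `propagate()` stands in for that distribution step so the example runs offline.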