A VPN configuration method to allow hierarchical security domains
Project/Area Number | 13680421 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Single-year Grants |
Section | General |
Research Field | Computer Science |
Research Institution | Osaka City University |
Principal Investigator | ISHIBASHI Hayato, Osaka City University, Media Center, Associate Professor (70212925) |
Co-Investigator(Kenkyū-buntansha) | YAMAI Nariyoshi, Okayama University, Computer Center, Associate Professor (90210319); ABE Kota, Osaka City University, Media Center, Lecturer (40291603); MATSUURA Toshio, Osaka City University, Media Center, Professor (40127296) |
Project Period (FY) | 2001 – 2002 |
Project Status | Completed (Fiscal Year 2002) |
Budget Amount | ¥900,000 (Direct Cost: ¥900,000); Fiscal Year 2002: ¥900,000 (Direct Cost: ¥900,000) |
Keywords | VPN / Hierarchical Security Domain / LDAP / Internet / Security |
Research Abstract | Establishing a VPN connection with existing VPN technology requires IP-level reachability to the destination security gateway. Consequently, when security domains (network domains that share a single security policy and are separated from other domains by security gateways) are organized hierarchically, a VPN connection cannot be established, because external computers cannot reach the inner security gateways directly. To solve this problem, we proposed a method that establishes VPN connections in such an environment by traversing the security gateways. To demonstrate and evaluate the proposed method, we implemented it using SOCKS5. We also proposed and implemented a method for managing each security domain's access policy separately and effectively. In our method, the access policy, which consists of per-user availability and authentication requirements, is managed as a tree structure based on the security domain hierarchy. Because access policy is automatically propagated from the inner domain to the outer domain, an inner domain's administrator can freely change its access policy without involving the outer domain's administrator. To evaluate this method, we implemented a policy server that looks up access policy and distributes it to the security gateways. Access policy is stored in distributed, hierarchical databases on LDAP (Lightweight Directory Access Protocol) servers. |