• Search Research Projects
  • Search Researchers
  • How to Use
  1. Back to previous page

A VPN configuration method to allow hierarchical security domains

Research Project

Project/Area Number 13680421
Research Category

Grant-in-Aid for Scientific Research (C)

Allocation TypeSingle-year Grants
Section一般
Research Field 計算機科学
Research InstitutionOsaka City University

Principal Investigator

ISHIBASHI Hayato  Osaka City University, Media Center, Associate Professor, 学術情報総合センター, 助教授 (70212925)

Co-Investigator(Kenkyū-buntansha) YAMAI Nariyoshi  Okayama University, Computer Center, Associate Professor, 総合情報処理センター, 助教授 (90210319)
ABE Kota  Osaka City University, Media Center, Lecturer, 学術情報総合センター, 講師 (40291603)
MATSUURA Toshio  Osaka City University, Media Center, Professor, 学術情報総合センター, 教授 (40127296)
Project Period (FY) 2001 – 2002
Project Status Completed (Fiscal Year 2002)
Budget Amount *help
¥900,000 (Direct Cost: ¥900,000)
Fiscal Year 2002: ¥900,000 (Direct Cost: ¥900,000)
KeywordsVPN / Hierarchical Security Domain / LDAP / Internet / Security
Research Abstract

Establishing VPN connections using existing VPN technology requires IP-level reachability to the destination security gateway. This means, if security domain (a network domain which shares the same security policy and separated by security gateways with other domains) is hierarchically organized, VPN connection cannot be established because external computers cannot reach inner security gateways directly.
To solve this issue, we have proposed a method to allow establishing VPN connections in such an environment, traversing security gateways. Furthermore, to demonstrate and evaluate the proposed method, we have implemented the method using SOCKS5.
We also have proposed and implemented a method to separately and effectively manage each security domain's access policy. In our method, access policy, which consists of per user availability and authentication requirements, is managed with tree structure, based on the security domain hierarchy. As access policy is automatically propagated from inner domain to outer domain, inner domain's administrator can freely change their access policy without bothering outer domain's administrator. To evaluate this method, we have implemented a policy server that lookups access policy and distribute to security gateways. Access policy is stored in distributed, hierarchical databases using LDAP (Lightweight Directory Access Protocol) servers.

Report

(3 results)
  • 2002 Annual Research Report   Final Research Report Summary
  • 2001 Annual Research Report
  • Research Products

    (3 results)

All Other

All Publications (3 results)

  • [Publications] Hayato Ishibashi: "New Approach for Configuring Hierarchical Virtual Private Networks using Proxy Gateways"Lecture Notes in Computer Science. 2662(to appear). (2003)

    • Description
      「研究成果報告書概要(和文)」より
    • Related Report
      2002 Final Research Report Summary
  • [Publications] Hayato Ishibashi: "New Approach for Configuring Hierarchical Virtual private Networks using Proxy Gateways"Lecture Notes in Computer Science, LNCS 2662. (to be published). (2003)

    • Description
      「研究成果報告書概要(欧文)」より
    • Related Report
      2002 Final Research Report Summary
  • [Publications] Hayato Ishibashi: "New Approach for Configuring Hierarchical Virtual Private Networks using Proxy Geteways"Lecture Notes in Computer Science. 2662(to appear). (2003)

    • Related Report
      2002 Annual Research Report

URL: 

Published: 2002-04-01   Modified: 2016-04-21  

Information User Guide FAQ News Terms of Use Attribution of KAKENHI

Powered by NII kakenhi