本文選題：網(wǎng)絡(luò)打印機(jī) + 嵌入式防火墻��； 參考：《西安電子科技大學(xué)》2013年碩士論文

【摘要】：隨著網(wǎng)絡(luò)的日益普及，我們已經(jīng)進(jìn)入到網(wǎng)絡(luò)時(shí)代，網(wǎng)絡(luò)成為了數(shù)據(jù)傳輸和信息交換的主要媒介。網(wǎng)絡(luò)打印機(jī)以其快捷的網(wǎng)絡(luò)接入方式和方便的操作控制，贏得了越來(lái)越多的用戶青睞。但是，由于成本和利潤(rùn)的限制，網(wǎng)絡(luò)打印機(jī)的安全問(wèn)題并沒(méi)有得到大多數(shù)打印機(jī)生產(chǎn)廠商的足夠重視，雖有少量網(wǎng)絡(luò)打印機(jī)嵌入式防火墻產(chǎn)品，也因?yàn)槠浔旧淼募軜?gòu)、成本等問(wèn)題得不到很好的推廣與應(yīng)用。所以，人們?cè)趶木W(wǎng)絡(luò)打印獲得方便的同時(shí)也面臨著嚴(yán)峻的安全問(wèn)題。 本文在對(duì)網(wǎng)絡(luò)打印安全的體系結(jié)構(gòu)進(jìn)行研究的基礎(chǔ)上，通過(guò)分析現(xiàn)有四種主流嵌入式防火墻的架構(gòu)，結(jié)合處理性能、擴(kuò)展性、靈活性、開(kāi)發(fā)難度、開(kāi)發(fā)周期、開(kāi)發(fā)成本以及知識(shí)產(chǎn)權(quán)等方面的因素，選用FPGA架構(gòu)對(duì)網(wǎng)絡(luò)打印機(jī)嵌入式防火墻進(jìn)行了設(shè)計(jì)。由于FPGA架構(gòu)嵌入式防火墻通常依賴Linux操作系統(tǒng)中的Netfilter/Iptables實(shí)現(xiàn)防火墻功能，一方面，增加了系統(tǒng)對(duì)資源的消耗；另一方面，如果Linux操作系統(tǒng)受到攻擊，那么防火墻的功能將受到破壞。為了彌補(bǔ)FPGA架構(gòu)嵌入式防火墻的這一缺點(diǎn)，本文采用最新的融合SOPC技術(shù)的FPGA嵌入式系統(tǒng)開(kāi)發(fā)的方法，提出一種以FPGA和LwIP為核心并不依賴操作系統(tǒng)的網(wǎng)絡(luò)打印機(jī)嵌入式防火墻，即快速搭建嵌入式處理器系統(tǒng)的硬件，在嵌入式微處理器上直接運(yùn)行TCP/IP協(xié)議棧LwIP實(shí)現(xiàn)通信協(xié)議來(lái)進(jìn)行網(wǎng)絡(luò)數(shù)據(jù)的解析和打包，開(kāi)發(fā)基于LwIP的用戶應(yīng)用程序?qū)崿F(xiàn)雙網(wǎng)卡通信，，利用定制的硬件邏輯即用戶IP核實(shí)現(xiàn)防火墻過(guò)濾和數(shù)據(jù)解密。通過(guò)以上方式，可以在保證處理性能的前提下，增強(qiáng)系統(tǒng)的安全可靠性、擴(kuò)展性、靈活性和穩(wěn)定性，降低系統(tǒng)的資源消耗和開(kāi)發(fā)成本。 通過(guò)對(duì)嵌入式防火墻的測(cè)試表明，所設(shè)計(jì)的嵌入式防火墻能夠很好的滿足系統(tǒng)設(shè)計(jì)初衷。
[Abstract]:With the increasing popularity of the network, we have entered the network era, the network has become the main medium of data transmission and information exchange. Network printer has won more and more users with its quick network access and convenient operation control. However, due to the limitation of cost and profit, the security of network printer has not been paid enough attention by most printer manufacturers. Although there are a few embedded firewall products of network printer, but also because of its own structure, Cost and other problems can not be well promoted and applied. Therefore, people are faced with severe security problems while obtaining convenience from network printing. Based on the research of network printing security architecture, this paper analyzes the architecture of four mainstream embedded firewalls, combining processing performance, expansibility, flexibility, development difficulty, development cycle, etc. Based on the development cost and intellectual property, FPGA architecture is used to design the embedded firewall of network printer. Because the embedded firewall based on FPGA usually relies on Netfilter / IptabLes in Linux operating system to realize firewall function, on the one hand, it increases the system's consumption of resources; on the other hand, if the Linux operating system is attacked, Then the functionality of the firewall will be compromised. In order to make up for this shortcoming of FPGA architecture embedded firewall, this paper proposes a network printer embedded firewall based on FPGA and LwIP, which is based on FPGA and LwIP, and adopts the latest development method of FPGA embedded system which integrates SOPC technology. That is, build the hardware of embedded processor system quickly, run TCP / IP protocol stack directly on embedded microprocessor to realize the communication protocol to parse and package the network data, develop the user application program based on LwIP to realize the communication of double network card. The user IP core is used to filter the firewall and decrypt the data using the custom hardware logic. Under the premise of ensuring the processing performance, the security reliability, expansibility, flexibility and stability of the system can be enhanced, and the resource consumption and development cost of the system can be reduced. The test of embedded firewall shows that the designed embedded firewall can well meet the original intention of the system design.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2013
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 聶定遠(yuǎn);李小俊;;DES與AES的比較研究[J];軟件導(dǎo)刊;2007年05期

2 林U

本文編號(hào)：2045030