發(fā)布時間：2018-04-30 09:38

  本文選題：交換機(jī) + 嵌入式Linux�。� 參考：《華南理工大學(xué)》2014年碩士論文

【摘要】：網(wǎng)絡(luò)的迅速發(fā)展給網(wǎng)絡(luò)的管理與安全帶來了許多新的挑戰(zhàn)，傳統(tǒng)的網(wǎng)絡(luò)管理技術(shù)暴露出越來越多的不足，需要研究相應(yīng)的技術(shù)去解決。為了實現(xiàn)對網(wǎng)絡(luò)的有效管理，控制用戶的網(wǎng)絡(luò)接入、防止未授權(quán)用戶使用網(wǎng)絡(luò)，對用戶進(jìn)行接入認(rèn)證是接入網(wǎng)絡(luò)管理與安全的關(guān)鍵技術(shù)。 結(jié)合源地址驗證架構(gòu)，針對IPv4/IPv6雙棧的接入網(wǎng)環(huán)境，本文對基于交換機(jī)的安全接入系統(tǒng)展開研究，在嵌入式交換機(jī)硬件平臺和嵌入式Linux操作系統(tǒng)上，設(shè)計并實現(xiàn)了一種基于接入網(wǎng)源地址驗證的Web認(rèn)證交換機(jī)，其核心思想是結(jié)合Web認(rèn)證的認(rèn)證流程實現(xiàn)源地址驗證，以提高接入網(wǎng)絡(luò)的安全性。首先通過對現(xiàn)有的接入認(rèn)證技術(shù)與源地址驗證技術(shù)的調(diào)研，根據(jù)實際的需求選擇采用Web認(rèn)證技術(shù)與SAVI技術(shù)作為技術(shù)基礎(chǔ)。對Web認(rèn)證技術(shù)與SAVI技術(shù)在交換機(jī)上直接結(jié)合進(jìn)行了分析，設(shè)計了一種與Web認(rèn)證結(jié)合的接入網(wǎng)源地址驗證方案，使其更適合在資源受限的接入交換機(jī)上實現(xiàn)。然后在交換機(jī)的嵌入式Linux平臺中，設(shè)計并實現(xiàn)了交換機(jī)上的功能模塊，包括捕包模塊、綁定表模塊、執(zhí)行模塊、通信模塊和Web認(rèn)證模塊等，并針對主要模塊進(jìn)行了設(shè)計和實現(xiàn)說明。最后對實現(xiàn)的原型系統(tǒng)進(jìn)行了測試，結(jié)果驗證了原型系統(tǒng)功能的正確性，，表明了方案的可行性。
[Abstract]:The rapid development of network has brought many new challenges to network management and security. Traditional network management technology has exposed more and more shortcomings. In order to realize the effective management of the network, control the network access of users and prevent unauthorized users from using the network, the key technology of access network management and security is to authenticate the users. Combined with the architecture of source address verification, this paper studies the secure access system based on switch for the access network environment of IPv4/IPv6 dual stack, which is based on embedded switch hardware platform and embedded Linux operating system. A Web authentication switch based on access network source address verification is designed and implemented. Its core idea is to implement source address verification in combination with Web authentication process in order to improve the security of access network. Firstly, through the investigation of the existing access authentication technology and source address authentication technology, Web authentication technology and SAVI technology are selected as the technical basis according to the actual needs. This paper analyzes the direct combination of Web authentication technology and SAVI technology on the switch, and designs an access network source address verification scheme combined with Web authentication, which makes it more suitable to be implemented on the access switch with limited resources. Then, in the embedded Linux platform of the switch, the function modules of the switch are designed and implemented, including the packet capture module, the binding table module, the execution module, the communication module and the Web authentication module, etc. The main modules are designed and implemented. Finally, the prototype system is tested and the results show that the function of the prototype system is correct and the scheme is feasible.
【學(xué)位授予單位】：華南理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 王華麗;王泉;;訪問控制列表在網(wǎng)絡(luò)安全中的應(yīng)用[J];電子科技;2007年01期

2 肖義;;3種接入認(rèn)證技術(shù)的淺析與比較[J];光通信研究;2006年03期

3 嚴(yán)芬;王佳佳;趙金鳳;殷新春;;DDoS攻擊檢測綜述[J];計算機(jī)應(yīng)用研究;2008年04期

4 吳治國;;利用接入交換機(jī)做Web認(rèn)證準(zhǔn)入控制分析[J];中國高新技術(shù)企業(yè);2010年22期

本文編號：1824036