| Summary: | 碩士 === 國立中正大學 === 通訊工程研究所 === 92 === Due to the complex requirements of company and network environment, security engineers used to find some quick and dirty solutions instead of planning system as a whole. In this paper, we propose a new security model, Object Association Binding (OAB), to describe the security requirement and network topology of the enterprise. Base on the OAB model, we develop Security Assurance Policy Helper (SAPH) framework to help network security engineers satisfying the wanted security management and security assurance.
MPLS (Multi-Protocol Label Switching) has been one of the next generation backbone network technologies. Many enterprises are planning to replace traditional Layer 2 VPNs (such as ATM or Frame Relay) with MPLS-based services. MPLS is now mature enough to be used by ISP to construct MPLS Layer 2 and Layer 3 VPNs.
In SAPH, the most important step is to model the network environment. The OAB contains three forms: Topology form, Policy form and Component form. Based on these forms, we can show the topology of network and bind the security policy in it. In MPLS/VPN, we also can use this model to purpose a global view of the VPN services and succeed in the spirit of security assurance on the network by SAPH.
|
|---|
