J4 ›› 2007, Vol. 29 ›› Issue (5): 15-18.
• Paper •
周辉 程东年 权乐
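Abstract (translated from the Chinese):
To address the shortcomings of the policy mechanisms in existing IPSec systems, this paper proposes an application-oriented IPSec system policy management mechanism. By monitoring the socket activity of applications, it sets the corresponding IPSec policies in real time and applies fine-grained protection of different levels to IP flows. It also provides policy-setting statements in a high-level-language form, to meet users' need to add and modify fine-grained IPSec policies, and an algorithm for resolving policy conflicts that converts mutually conflicting requirements into conflict-free policies. The mechanism can improve the performance of existing IPSec systems so that they better meet the needs of real network environments.
Keywords: IPSec policy, policy conflict, socket monitoring, conflict elimination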
Abstract:
In view of the flaws of the existing IPSec system policy mechanisms, this paper presents an application-oriented IPSec system policy management mechanism. By monitoring the socket activities of the application layer, we create the corresponding IPSec policy in real time and provide different grades of fine-grained protection for the IP flow. We also present policy-setting expressions in a high-level language form, in order to satisfy users' needs to add, change and delete fine-grained IPSec policies. In addition, we give an algorithm to resolve policy conflicts and transform the conflicting policies into conflict-free ones. The mechanism can improve the performance of the existing IPSec, so that it can better meet the needs of the actual network environment.
Key words: IPSec policy, policy conflict, socket monitoring, conflict removal
周辉, 程东年, 权乐. An Application-Oriented IPSec System Policy Management Mechanism [J]. J4, 2007, 29(5): 15-18.
Link to this article: http://joces.nudt.edu.cn/CN/
http://joces.nudt.edu.cn/CN/Y2007/V29/I5/15