secure route

1
???????

• ? ? ?
• ??????????
• 2003?11?

2
??

• ??
• ??????????
• ????????
• ????????
• ????????
• ??

3
??????????
4
??????????

• ??20?????????,???? ???(30???/?)?????
  ?20??????,??????2? ??
• ??
• ????????????????? ????2190??

5
????????

• ?????????-?????????
• ???????????????????????????
• ????????????????????????

6
????????

• ???????????????????????????????????????
• ?????????????????????????????????????????????
  ?

7
????????

• ??????????????????
• ?????- ????,????
• ?????-????,???????
• ???????-????????

8
?????????

• ??????????????
• ????????????????????
• Linux??????????????????

9
????

• ??????
• ?????????????
• ?????????????
• ?????????????
• ??????
• ??????

10
??????

• ??????????????
• ?????????????????????
• ??????????????
• ????????????
• ???????,???????
• ????????????

11
????????

• ?????????????????
• ???????????????,???????
• ????? GB178591999????????????????
• ????? GB/T 18336-2001???? ????
  ???????????,????CC

12
??

• ????????????,????,???????,2001??
• ??????????,???,???,????,?????,2003??
• ?????????,???,?????,?????,2003??
• ??????????????,???,?????,?????,?????
• ?????????????,?????,???????,2004????
• ??????,????,???????,2004?

13
?????

• Springer LNCS1334
• Springer LNCS2229
• Springer LNCS2513
• Springer LNCS2836
• IFIP/Sec2000 Proceedings, Kluwer

14
??????????? ICICS
ICICS97, ??, Springer LNCS1334 ICICS99, ??,
Springer LNCS1726 ICICS2001, ??, Springer
LNCS2229 ICICS2002, ???, Springer
LNCS2513 ICICS2003, ????, Springer
LNCS2836 ICICS2004, ???, Springer LNCS
15
???????-??

• ?? - ????, ???, ?????
• ??????NIST???15?AES???????????????????????????

16
AES ???

• ????????,???????????
• ??????????????????
• AES????--
  ???????????

17
AES?????

• ??????
• ????128??
• ??128, 192,?256??????
• ??C?Java???????
• ??????????DES

18
AES ? 2 ??????

• MARS by IBM
• RC6 by RSA
• RIJNDAEL by Daemen Rijmen
• SERPENT by Anderson, Biham Knudsen
• TWOFISH by Schneier, Kelsey, Whiting, Wagner,
  Hall Ferguson

19
Rijndael ??????

• Rijndael ?????Joan Daemen ? Vincent
  Rijmen???????????????????Square???,????????????(Wi
  de Trail Strategy)

20
?????????

• References
• Wenling Wu, Sihan Qing, etc. Brief Commentary on
  the 15 AES Candidate Algorithms Issued by NIST of
  USA, Journal of Software, 1999,10(3) 225-230

21
?????????

• Wenling Wu, Sihan Qing, etc. Cryptanalysis of
  Some AES Candidate Algorithms, Proceedings of
  Second International Conference on Information
  and Communications Security (ICICS99), in LNCS
  1726, Springer-Verlag, 1999.

22
NESSIE -- ???????

• 17??????7???,???????????2?,???????1?,???4?(??COSIC
  ??????),????5????,????????

23
? ? ? ?

• ????
• ?????
• ??????
• ????
• -SSL
• -IPSEC

24
?????????

• BAN???????
• Kailar??????
• Strand Space ????
• CSP????
• Model Checker ????
• ??????

25
???????????
???? ???? ????
???? ?????? ???? ????
26
??????

• ?????(State machine model)
• ?????(Information Flow model)
• ?????(Noninterference model)
• ??????(Nondeducibility model)
• ?????(Integrity model)
• ...........

27
????????
??????GB178591999??????????????????????????,?
??TCSEC?B1?????????????????????????
??Linux,????????
28
????????
2000?11?18?,????????????????????????????????????
???????,????????V1.0,??2000?11?17?,?????????????
?????????????(GB17859-1999)?????????????????????,
?????????????? 2001?2?20?,????????????????????????
?
29
????????

• IDC??,????????????????????????

30
????????????
???,?????B1?B2???,???????????????,??????????????
???????????,?????????????????????????
31
????????????
??????????????,????????????????? ????????????
???????????????????? ?????????????????????????
????????????????????????????????????
32
????????????
????????????????????,????????????? ??????????????
??????????????????? ????????????????,????????????
???,??????????????,??????????
33
????????????
??????????????????????????? ????????????,??,????
????,?????????????????????,?????????????????,?????
??????,????????,???????????????????
34
????????????
????????????,???????????????????? ??????????????
?????????????????? 1993?,DoD?TAFIM (Technical
Architecture for Information Management)??????????
???DGSA,????????????,??????????????????
35
????????????
??????????????,??????????????? (1)?????????????,?
?????(?Goguen?Meseguer??????)???????????????,????
?????????????? (2)??????????????????????????
36
?????????

• ????????(GFAC)-????????????(??)???
• FAM??-??????????????????
• ??RBAC???????
• FLASK??-??????????

37
????????????
GB17859?????????,????????????(Covert
Channel)?????? ??TCSEC???ISO/IEC
15408????????????????????????? ????CC???GB/T18336
?????????????????????
38
????????????
?????? ?????????????? ?????????????????? ???,??
?????? ??????????????? ?????????? ??????
39
???????????????
??? ???? ???? ?????? ??WEB ????
40
??????????-???
IP ???
?????
41
????(??????)
??????????
42
???????
43
?????
???
44
????????
????? ????????????,??????? ?????
(1)????????
(2)???????????????????
45
??????
?????? ??????
(1)???????
(2)??????????????????(??????)
(3)????????????
(4)??????
???
46
????????
??B???????,??DG??B2??????HP??B1??????????????? ???
?,?????????????,????????? ?????? ?????????
47
????????
?????B????????,???, MAC, ??????????????,??????????
??????????????,??????????? ????????????? ???,
??, NAT, VPN,??,??,??????
48
???????

• ?????????????????????????????????99030226A
• ??????????31???????

49
??????
??????
????????
??WEB???
????????
?????????
?????????
50
??????
PDRR??
Protect - ??
Detect - ??
React - ??
Recovery - ??
51
???????

• ?????????
• ????
• ????
• ?????????...
• ????
• ??????(ipv6)

52
???????

• ??????
• ????
• ????
• ????
• ????
• ????????
• ????,??,????..

53
????

• ???
• ??????????
• TEL FAX86-10-62635150
• EMAILqsihan_at_ercist.iscas.ac.cn
• ????????4?,8718?? ??100080

54
Q A

• Thank you