Generic Data Structure for a Security Policy Database
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. (CCSlab)
2008 (English). Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

IPsec makes secure Internet infrastructures more feasible, as its security services offer protection for IP traffic at the network layer. It is a very dynamic protocol suite, consisting of several protocols that enable a number of different security services. As IPsec enables flexible security, there is a need for agreements between the parties. All network nodes that utilize IPsec need to keep track of their agreements with their peer nodes; this information is stored in a Security Policy Database (SPD).

In a network environment where thousands of pairs of nodes may communicate, it is important that lookups in the SPD occur quickly. The SPD usually operates with a small number of agreements, which suggests that the data structure it utilizes should be rather simple. However, the data structure should scale properly, even when the number of agreements increases to a very large number. This master's thesis examines existing implementations of an SPD and the existing data structures used for SPD implementation. It then tries to identify what makes a good implementation. Subsequently, a generic data structure is proposed for use as an SPD.

Abstract [sv]

IPsec provides security services to protect IP traffic at the network level, and its dynamic properties make it easier to build systems with high security flexibility. Because the requirements on the security services vary between the communicating parties, agreements are adapted individually for each communicating pair. Every party that uses IPsec must keep track of its current agreements, which are stored in a security database (SPD).

In a network setting where perhaps thousands of communication links are active, it is important that lookups in an SPD are carried out quickly. An SPD usually contains a number of agreements that is low for the data structure used. It is nevertheless important that an SPD is scalable and can handle events in which the number of agreements increases sharply. This thesis investigates existing security databases and data structures of interest to the subject. Good ideas will be highlighted and used to design a scalable data structure for security databases.

Place, publisher, year, edition, pages
2008. 80 p.
Series
Trita-ICT-COS, ISSN 1653-6347 ; COS/CCS 2008-06
Keyword [en]
IPsec, Security Policy Database, SPD, IP security, packet classification, heuristic algorithm
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:kth:diva-99122; OAI: oai:DiVA.org:kth-99122; DiVA: diva2:541044
Presentation
2008-03-26, Seminar room "Grimeton", Isafjordsgatan 22, Kista, 16:00 (English)
Uppsok
Technology
Available from: 2012-07-30. Created: 2012-07-13. Last updated: 2013-09-09. Bibliographically approved

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Jaurén, Daniel
By organisation
Communication Systems, CoS
Communication Systems