Trustworthy and Controllable Network Architecture and Protocol Framework
【Abstract】 The Internet architecture faces serious security and management challenges, and there is an urgent need for a new architecture with trustworthiness and controllability. Existing network architectures are either based on the end-to-end argument and connectionless design, which makes packet transmission paths uncontrollable, or redesign the existing network architecture at great expense. The authors propose a trustworthy and controllable network architecture that attaches a four-layer trustworthy and controllable logical architecture to the present network architecture, comprising a decision layer, an observed layer, a resource layer and a trustworthy interaction layer, so that the behavior of network components and users becomes predictable and manageable. On the premise that the logic flow is the controlled object of the network in the new architecture, the authors present a closed-loop self-feedback control method with four functional phases (perception and monitoring, understanding and detection, judgment and decision-making, and control and reachability) that ensures the network system returns to a stable state through self-diagnosis and self-recovery. They also point out that the trustworthy interaction layer, with its capability for cross-layer interaction, is the key to making the new architecture trustworthy and controllable, and then propose a model of the trustworthy and controllable protocol located in that layer and define the fundamental protocol functions that ensure protocol execution is predictable. The authors further point out that the trust flow within the logic flow is the main controlled object of the protocol, and, based on the network control method of the new architecture, give a trustworthy control method for the protocol that integrates trust management with a non-repudiation service. To verify the validity of the protocol model and the control method, they present a concrete implementation scheme for the protocol, including its basic elements and its two-stage execution process. Finally, the authors show the advantages of the new architecture in comparison with some representative existing techniques and point out future work.
【Key words】 trustworthy and controllable; trust flow; trust management; non-repudiation;
- 【Source】 计算机学报 (Chinese Journal of Computers), 2009, Issue 03
- 【Classification No.】 TP393.08
- 【Times cited】 59
- 【Downloads】 1084