Design and Implementation of VPN Gateway Based on SSL
|School|Xi'an University of Electronic Science and Technology|
|Keywords|SSL VPN; access control; security detection|
This thesis studies SSL session handling and access control in an SSL VPN system. An efficient and secure SSL VPN is implemented on the basis of the SSL protocol, authentication, and access control, and the implementation of the SSL session and the access control mechanism is described in detail. The main contributions are as follows:

(1) The technologies related to SSL VPN are analyzed, and a VPN tunnel is established over SSL to ensure secure authentication. Management of the SSL connection is also implemented.

(2) Based on an analysis of access control and RBAC, an access control mechanism adapted to SSL VPN is proposed. The access control mechanism of the Aventail 1.0 SSL VPN system is inefficient and not fine-grained enough. This system improves the role-based access control module and efficiently manages user groups, resource groups, and the relationships between users and resources.

(3) A client security detection policy is integrated into the system, so that the system can estimate the security state of the client and achieve dynamic authorization by combining it with the role's access policy.
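The dynamic authorization of contribution (3), layered on the user-group and resource-group model of contribution (2), is illustrated below. This is an added example, not code from the thesis: the posture levels, the client report fields, the policy tables and every name and URL in it are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Posture(IntEnum):          # assumed ordering of client security states
    UNTRUSTED = 0
    BASIC = 1
    COMPLIANT = 2

@dataclass(frozen=True)
class ClientReport:              # assumed fields of a client security check
    av_running: bool
    os_patched: bool
    firewall_on: bool

def assess(report):
    """Estimate the client's security state from its detection report."""
    if report.av_running and report.os_patched and report.firewall_on:
        return Posture.COMPLIANT
    if report.av_running or report.firewall_on:
        return Posture.BASIC
    return Posture.UNTRUSTED

# Constructed sample policy (hypothetical users, groups, roles, resources).
USER_GROUPS = {"alice": {"finance"}, "bob": {"contractors"}}
GROUP_ROLES = {"finance": {"accountant"}, "contractors": {"guest"}}
RESOURCE_GROUPS = {"https://erp.example.internal": "erp",
                   "https://wiki.example.internal": "intranet"}
# role -> {resource group: minimum client posture needed to use it}
ROLE_POLICY = {
    "accountant": {"erp": Posture.COMPLIANT, "intranet": Posture.BASIC},
    "guest": {"intranet": Posture.COMPLIANT},
}

def authorize(user, resource, report):
    """Default deny: grant only if one of the user's roles covers the
    resource's group AND the client's posture meets that role's minimum."""
    rgroup = RESOURCE_GROUPS.get(resource)
    if rgroup is None:
        return False             # unknown resource is never reachable
    posture = assess(report)
    roles = set()
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
    for role in roles:
        required = ROLE_POLICY.get(role, {}).get(rgroup)
        if required is not None and posture >= required:
            return True
    return False
```

The same user and role yield different decisions as the client's reported state changes, which is the difference between this and static RBAC.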