JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2016, Vol. 51 ›› Issue (3): 98-103. doi: 10.6040/j.issn.1671-9352.2.2015.325

An efficient multilevel interconnection network security mechanism based on virtualization

WU Huan1, ZHAN Jing1,2,3*, ZHAO Yong1,2,3, TAO Zheng1, YANG Jing1   

  1. College of Computer Science, Beijing University of Technology, Beijing 100124, China;
  2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China;
  3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100124, China

  • Received: 2015-08-17 Online: 2016-03-20 Published: 2016-04-07

Abstract: For information systems with a high security level, such as industrial control environments, a new multilevel interconnection network security mechanism based on Xen shared memory technology is proposed, drawing on GAP and virtual firewall techniques. According to the security needs of the information system and its different business needs, an enterprise can apply different VM templates, each with its own security policy. Shared memory is used to simulate the dedicated transmission medium of a GAP, which improves the performance of security isolation while keeping security high and provides a new idea for the development of GAP.

Key words: multistage interconnection network security, GAP, traffic filtering, industrial control network, Xen shared memory

CLC Number: TP393.1