摘要： 漏洞扫描还不能完全将网络终端中存在的各种复杂攻击检出，许多传统安全技术时常失效，从信息安全技术层面上还不能有效解决现代网络中的安全问题。该文介绍了PCI扩展ROM规范、网络通信链路切换机制和机密信息存储原理，分析了主机和外部设备互连关系以及攻击特征，提出一种新的基于扩展ROM防止机密信息泄漏的安全网络终端结构，该结构支持网络终端内外网的物理隔离。

关键词: 安全隔离卡, 扩展ROM, 物理隔离

Abstract:

Now, as vulnerability scanning can not fully check out complex attack existing in network, many of the traditional security technologies are no longer valid and failure to prevent effective solutions to modern network security problems from information technology, so many methods based on security model are presented. This paper analyzes the PCI extended ROM specification, the mechanism of network communications link switch, the principle of secret information storage, the connection relation of host computers and devices and the characteristic of attack, presents a novel security architecture of network terminal, which is based on extended ROM and PCI bus to carry out the physics gap of a network terminal between interior and exterior network. It discusses the principle and hardware design of the security isolation card based on PCI bus.

Key words: security isolation card, extended ROM, physical isolation

中图分类号: 

• TP393.08