Computer Engineering ›› 2019, Vol. 45 ›› Issue (11): 159-165. doi: 10.19678/j.issn.1000-3428.0052658

• Security Technology •

Internetwork Security Exchange Technology Based on One-way Transmission Protocol

ZENG Fanyi, JING Xiaochuan, SUN Yunqian

  1. China Aerospace Academy of Systems Science and Engineering, Beijing 100048, China
  • Received: 2018-09-13 Revised: 2018-11-19 Published: 2018-11-09
  • About the authors: ZENG Fanyi (born 1993), male, master's student, main research direction: industrial control security; JING Xiaochuan, researcher and doctoral supervisor; SUN Yunqian, master's degree.
  • Funding:
    Applied R&D Fund of the Department of Science and Technology of Guangdong Province (2016B010127005).

Abstract: To solve the problem of secure information exchange between industrial control systems and confidential working networks, and to improve the efficiency of information exchange, a data exchange technology based on a one-way transmission protocol is proposed. A trusted verification model for data exchange is built, business data is separated into two one-way links, and one-way isolation devices are used to achieve secure network isolation and one-way information transmission. The information control management sub-platform prevents high-security information from flowing to low-security domains, and the information collection management sub-platform resists attacks on the classified information system. A secure data transmission mechanism is designed, and data is encapsulated in a private protocol. Analysis results show that the proposed technology can realize secure interconnection and trusted data exchange between industrial control systems and classified information systems.

Key words: industrial control systems, confidential networks, security isolation, verification model, one-way transmission

CLC number: