Abstract: To solve the problem of secure information exchange between industrial control systems and confidential working networks, and to improve the efficiency of information exchange, a data exchange technology based on a one-way transmission protocol is proposed. A trusted verification model for data exchange is built, which separates the business data into two one-way links, and a one-way isolation device is used to achieve secure network isolation and one-way information transmission. The information control management sub-platform prevents high-classification information from flowing to a lower-classification security domain, and the information collection management sub-platform resists attacks on the classified information system. A secure data transmission mechanism is designed, and the data is encapsulated in a private protocol. Analysis results show that the proposed technology can achieve secure interconnection and trusted data exchange between industrial control systems and classified information systems.
Key words: industrial control systems, confidential networks, security isolation, verification model, one-way transmission
CLC number:
ZENG Fanyi, JING Xiaochuan, SUN Yunqian. Internetwork Security Exchange Technology Based on One-way Transmission Protocol[J]. Computer Engineering, 2019, 45(11): 159-165.