| 多网安全隔离交换系统的设计与实现 |
| |
| 引用本文: | 丁烽祥,张怡,王勇军.多网安全隔离交换系统的设计与实现[J].厦门大学学报(自然科学版),2007,46(A02):92-97. |
| |
| 作者姓名: | 丁烽祥 张怡 王勇军 |
| |
| 作者单位: | 国防科学技术大学计算机学院,湖南长沙410073 |
| |
| 基金项目: | 国家自然科学基金(90604006)资助 |
| |
| 摘 要: | 以隔离网闸技术为基础,设计并实现了一个多网安全隔离交换系统.系统采用了多线程、ARP缓存、网络地址转换等技术,使多个外网能够并行接入系统,对内网进行安全访问;采用了零拷贝技术,并优化了规则匹配算法以提高处理性能.经验证,设计实现的多网安全隔离交换系统能够对内外网络进行物理隔离,并对网络数据进行深度内容检查和安全控制,且具有较高的网络处理性能.
|
| 关 键 词: | 隔离网闸 协议安全处理 零拷贝 ARP缓存 网络地址转换 |
| 文章编号: | 0438-0479(2007)S2-0092-06 |
| 修稿时间: | 2007-08-16 |
The Design and Implementation of Multi-network Security Isolation-Exchange System |
| |
| DING Feng-xiang, ZHANG Yi, WANG Yong-jun.The Design and Implementation of Multi-network Security Isolation-Exchange System[J].Journal of Xiamen University(Natural Science),2007,46(A02):92-97. |
| |
| Authors: | DING Feng-xiang ZHANG Yi WANG Yong-jun |
| |
| Institution: | School of Computer, National University of Defense Technology, Changsha 410073, China |
| |
| Abstract: | Based on the technology of isolation network-gap, we design and implement a multi-network security isolation-exchange system. The system adopts the technologies such as multi-thread, ARP buffer and NAT. So it can be connected with more than one outside networks simultaneously, and permit the outside networks to access the inside network safely at the same time. Moreover, the system adopts zero-copy and optimizes the rule-match algorithm to improve process performance. It can be proved that the multi-network security isolationexchange system not only implement physical isolation between the inside network and the outside networks, in-depth detect and security control the datagram on networks, but also attain high network process performance. |
| |
| Keywords: | isolation network-gap protocol security process zero-copy ARP buffer NAT |
| 本文献已被 维普 等数据库收录! |
|
