Abstract
To mitigate the risks of information leakage and network intrusion that information systems face in Internet applications, an information-security defense gateway based on a dual-homed host architecture is designed following the "black core" concept. Two S3C6410 ARM processors serve as independent hosts attached to the internal and external networks, and an EP1C12Q240I7 FPGA serves as the relay station that controls the connection between the internal and external networks and ferries the raw data between them. The design breaks the network-layer connection and so defends against network attacks based on the TCP/IP protocol. Deployed on the public network, the gateway allows a high-security dedicated information system to be built while isolated from external networks, and provides trusted end-to-end services.
Source
Journal of Xi’an University of Posts and Telecommunications
2015, No. 4, pp. 23-28 (6 pages)
Funding
Supported by the Natural Science Basic Research Plan of Shaanxi Province (2014JM2-6097)
Keywords
end-to-end encryption, network isolation, embedded gateway