期刊文献+

一种面向数据安全的结构化保护方法 被引量:1

A Structured Protection Method for Intranet Data Security
原文传递
导出
摘要 保护内网数据安全的难点在于对终端的安全管控。由于终端上的USB和网络等I/O接口设备可以用于内网系统与外部环境之间的数据交换,因此实际上构成了内网系统的外部边界;这类边界数量大、分布广、管理复杂,很容易被恶意用户和木马程序利用,窃取内网敏感数据。提出一种系统结构化保护方法,减少终端边界接口的类型和数量,从而简化内网系统与外部环境之间的复杂接口关系,提高内网的数据安全保护能力。面向内网数据安全的系统结构化保护方法不仅可以有效保护内网数据安全,而且可以简化系统安全结构、减少安全产品数量,降低系统安全建设成本。 The challenge of Intranet data protection lies in the security management of end points in the system; and for USB, network and other I/O devices in end points could be used to exchange data between Intranet and outside system, these end points, in fact, form the outside boundary of Intranet. This kind of end-point boundary is large in scale, widely distributed and hard to manage, and easily exploited by malicious users and Trojans to steal sensitive Intranet data. Structured protection architecture is proposed to greatly reduce the scale of end-point boundary and its complexity, so as to simplify the complicated interface relations between intranet system and outside environment and improve the capability of data protection. The structured protection architecture for Intranet data security could effectively protect Intranet data and greatly simplify the security structure of Intranet system, reduce the amount of security products to be used and the security cost as well.
作者 程静 石勇
出处 《通信技术》 2012年第12期86-90,共5页 Communications Technology
关键词 虚拟机 终端安全 数据安全 结构化保护 边界安全 virtual machine end point security data security" structured protection boundary security
  • 相关文献

参考文献16

  • 1王竹,戴一奇.一种基于BLP模型的多级安全局域网[J].通信技术,2012,45(6):1-4. 被引量:2
  • 2杨义宁,杨育红,于大鹏,寇晓蕤.IPSec结合防火墙实现数据安全传输[J].通信技术,2008,41(9):150-151. 被引量:1
  • 3朱鹏,谢欣,周显敬,陈尚义.终端安全接入技术及发展趋势研究[J].信息安全与通信保密,2010,7(2):52-55. 被引量:7
  • 4邹翔,王志海,李志涛.内网安全数据保密技术分析与比较[J].信息安全与通信保密,2009,31(7):111-113. 被引量:6
  • 5孙志,齐学功,金怡,张明.涉密内网安全防护体系的研究与实践[J].信息安全与通信保密,2011,9(6):36-38. 被引量:20
  • 6Department of Defense. Trusted Computer SystemEvaluation Criteria (Orange Book) [EB/OL].(1983-8-15) [2012-07-10]. http://csrc. nist. gov/publications/history/dod85. pdf.
  • 7DALTON C, GEBHARDT M C, BROWN R M. PreventingHypervisor-based Rootkits with Trusted ExecutionTechnology[J]. Network Security, 2008(11):7-12.
  • 8HOHMUTH M, PETER M, HARTIG H, et al. Reducing TCB Sizeby Using Untrusted Components- small KernelsVersus Virtual-machine Monitors[C]// Proceedingsof the 11th Workshop on ACM SIGOPS EuropeanWorkshop. Leuven, Belgium:ACM Press,2004:1-5.
  • 9Trusted Computing Group. TCG Trusted NetworkConnect TNC Architecture for InteroperabilitySpecification Version 1.4 Revision 4 [EB/OL].(2009-05-18) [2012-07-20]. https://www. trusted-comput inggroup. org/home.
  • 10Trusted Computing Group. TCG Trusted NetworkConnect TNC Architecture for InteroperabilitySpecification Version 1. 1 Revision 2 [EB/OL],(2006-05-01) [2012-07-27], https://www. trusted-Applicationgroup. org.

二级参考文献29

共引文献30

同被引文献4

引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部