
Key Technology For In-depth Protection Of Information Systems Research

Posted on: 2004-02-16, Degree: Doctor, Type: Dissertation
Country: China, Candidate: Z D Xu, Full Text: PDF
GTID: 1118360095955976, Subject: Cryptography
Abstract/Summary:
Over the last ten years, network information security technology has made great progress in scope and depth. An important research trend is to emphasize the integration of attack and protection and to pursue dynamic security. In information security research, two different points of view and directions have emerged. One considers information security from the point of view of positive protection and researches encryption, authentication and non-repudiation. The other considers information security from the point of view of negative attack and researches vulnerability scanning, IDS, urgent response and anti-virus. However, the practice of information security technology and its applications has proved that the two sorts of technology should be integrated, and that a multi-level, dynamic security architecture should be established to assure the security of information systems. From the point of view of the Internet and information security, the important elements of an information system are defined in the paper. The information assurance technology aspects of information systems are partitioned into four areas: local computing environments, enclave boundaries (around the local computing environments), networks and infrastructures, and supporting infrastructures. Then a defense-in-depth strategy is introduced, and all sorts of security technology are clearly defined and discussed.

For the PKI in supporting infrastructures, the theoretical basis, logic of trust, research evolution, the development of the architecture, implementation methods and the development technology of its elements are described in detail. Security communication protocols between elements are designed and proved. Together with the implementation of PKI security clients, the encryption scheme and encryption flow of Windows are analysed. The uploading and authentication methods of Windows CSP are pointed out. The public key structure, encryption algorithms and key are supplied.

For data transport security, VPN technology, which is very popular in the market, is discussed. Several primary protocols are compared with one another from the point of view of implementation. The implementation model of IPSec-based VPN encryptors is also introduced.

Finally, the paper introduces the Bell-LaPadula model, researches the high-level abstract model for secure computer systems and proves the conditions which secure computer systems should meet. The formal operating rules which accord with the Bell-LaPadula model and the security proofs of these rules are given.
Keywords/Search Tags:Information security, logic of trust, PKI, CA, directory services, VPN, model