| Internet is facing a serious problem: open and security. Private or sensitive data, such as credit card information, login account and password, and etc., is easily theft without authorization by Internet hackers.In this paper, we propose a new secure architecture of network client (SANC). This new architecture is aimed to build a kind of low-cost intrusion-free network client and reduce vulnerability of Neumann model. It is comprised of single CPU and two physically isolated system buses, secure and non-secure. Only non-secure bus has Internet interfaces, such as MAC/PHY. Devices, storing private or sensitive data, can only be accessed through secure bus. Internet related applications, which are running on the non-secure bus, have no opportunity to access resources on the physically isolated secure bus. Network clients based on our secure architecture can ensure private or sensitive data, stored on devices connected to the secure bus, avoid being theft through the Internet.Our secure architecture uses only one CPU and can efficiently control the cost. To control the connection between CPU and two system buses, ensure only one bus can be connected to CPU at the same time, physically isolate two system buses and supply communication mechanism, a Bus Bridge is designed.We have also studied data exchange mechanisms between two areas. Shared data memory, also known as cache, and a component called Switch are presented to resolve this problem.Environment is totally different between two areas, so switching working area may interrupt the normal execution of CPU and disorder the process logic. To avoid this problem, shared instruction memory is introduced and all programs related to switch working area is located in it.Finally, we present a minimal system design and implementation of network client based on SANC and it has verified its feasibility. |
PDF Full Text Request