Based On Dual-core System Security Framework

With the great development of the internet technology, the network has entered into every aspect of our lives. Internet becomes the tool to collect information, exchange and improve out lives and works. But internet has been widely use and it bases on defective technologies, these problems leave us a vulnerable network. Hackers can attack us easily. Computer virus can attack us easily. Lots of important messages can be obtained illegally. Improving operation system and searching new bugs has been the important works of programmers and hackers. Programmers can't win hackers completely. So now we don't need a method to deal with the bugs, we need a new method to protect important information effectively.For this case, based on the architecture of "Dual-Core and Dual-OS", this paper takes charge the design and realization of the supplementary-core security handling system. It is a part of a National 863 project "A safe terminal technology of windows based on Dual-Core and Dual-OS". The main designing goal is to promise the security of data flow between Windows-based terminal and Internet, at the same time make sure that sensitive information will not be leak out to Internet. Firstly, through analyzing the main technologies of IP filter and state full filter and TCP/IP protocol, this paper adopts a more detailed method, not only checks the change of state in TCP packet but also the bounds of acknowledgment and sequence which had been proved by Guido van Rooij , to control the packet. The design can reduce the probability of protection. Secondly, this paper adopts two algorithms to check if the passing packets have sensitive information. One is a improved multiple-patterns-algorithm based on SunWu algorithm. The other is predicate counting matching given by Kumar. Thirdly, this paper designs data structures of rules and alarms.Making use of the methods above, the supplementary-core security handling system is able to identify the illegal packets, and take effective measures to protect the information security of Windows terminal.