
Based On The Arm Network Isolation Mechanism

Posted on: 2010-10-13
Degree: Master
Type: Thesis
Country: China
Candidate: J C Chen
GTID: 2208360275498705
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of the Internet, information is exchanged more and more frequently between networks of different security levels. There is an urgent need to secure information exchange between untrusted and trusted networks, and to reasonably resolve the conflict between network openness and security. Network isolation is an emerging network security technology that can provide a high level of protection for internal network information. To resolve this conflict, this paper puts forward a technical proposal for secure data transmission based on logical isolation. In this proposal, security software running on an embedded Linux system on an "ARM Computer" provides individualized security services for network data access to internal network terminal equipment, so as to protect data in transmission.

This paper starts with a demand analysis of the hardware and presents the hardware platform of the "ARM9 Computer" based on dual NICs. On this basis, it accomplishes the following tasks. First, the embedded OS required by the proposal is chosen, trimmed and ported. Second, by studying how the internal and external networks communicate, a dual-NIC communication mode is presented to carry out the data exchange, and a dual-NIC communication driver module for the DM9000 NIC is implemented. Then, for the data exchange process, the paper introduces a new communication model based on the Linux Netfilter framework. Through this model, the exchanged packets are forwarded for processing from the link layer to the network layer. Finally, for secure data handling, a hybrid encryption strategy based on the RSA and IDEA algorithms is proposed: data is encrypted with the fast IDEA algorithm, the IDEA key is protected in transmission with the RSA public key, and the IDEA key and RSA keys are saved to or read from Flash memory, so as to achieve data security isolation.

The network isolation system achieves the desired results in data transmission: it not only implements high-speed data transmission but also ensures the security of the system.
Keywords/Search Tags: Network Isolation, ARM, Embedded Linux, NIC, Hybrid Encryption Strategy