Research On Secure Communications Network Model Based On Security Label And Key Technologies

Posted on: 2012-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: X H Yang
GTID: 2218330371962560
Subject: Military communications science

Abstract/Summary:
The classified protection system for information security is an important system bearing on the development of the national economy and on informatization construction. It plays an important role in improving information security protection capability, safeguarding the public interest, and promoting the development of information technology. Third-level classified information systems (the security label protected class) play a crucial role in classified protection. According to preliminary statistics, most of our existing information systems are concentrated at the third level. Therefore, third-level classified information systems will directly affect the results of protection and construction for classified protection. The secure communications network is a supporting technology and an important component for the implementation of third-level classified information systems. It is the foundation and premise for information sharing and exchange within classified information systems and between classified information systems.

This dissertation studies in depth the needs and characteristics of secure network communications. Combining current multi-level secure data transmission technologies and multi-level security access control technologies, it comprehensively analyzes the secure communications network for classified protection. The main work is as follows:

1. The dissertation researches in depth the needs of the secure communications network for classified protection. Combining the existing multi-level security access control model and secure data transfer technologies, it proposes a secure communications network model based on security labels by introducing the secure object and the secure channel. The model defines a network operation set and security rules, and proves the security of the state transition process that follows from the operations and the security rules. The model is general and flexible, hides the low-layer technical details of the actual communication environment, and provides theoretical support for implementing the secure communications network for classified protection.

2. To meet the need to bind security labels to data objects in multi-level secure data transmission, an application-layer security label technology based on XML is proposed. It ensures that the information flow is physically bound to its security label during network transmission, and lays the basis for implementing security-label-based access control protection in the communications network environment.

3. The security label of a subject is adjustable and variable in the multi-level network communications environment, so a method for adjusting the subject's security label based on trustworthiness is proposed. Based on the actual application requirements of the classified protection environment, adjustment of the subject's security label is divided into static security label adjustment and dynamic security label adjustment. This method ensures that multi-level security access control is implemented correctly in network traffic.

4. Based on the proposed theoretical model and technologies, the dissertation gives the overall design of the system, sets up multi-level secure channels based on security labels, and achieves distinction and isolation between the transmission protection of information flows of different levels in the multi-level secure communications network. By operating the secure channels to strictly control network information "flow in" and "flow out", it ensures that the data and information of the network are available, controllable, trusted and secure in the classified protection environment.

Keywords/Search Tags:Classified Protection, Multi-level Secure, Security Label, Secure Communications Network, Extensible Markup Language, Trustworthiness