The Application System Based On Esb Data Security Exchange Technology Research

With the rapid development of information technology, a variety of information applications in the domestic defense industry has been playing an increasingly important role. According to the national security standards of classified information systems, defense units have strict security prescripts which makes these systems must provide enough secrecy mechanism such as border security protection, information integrity, authentication, access controlling, audit, etc. which raises the difficulty of data exchange between applications, especially for the case of cross security domains. However, the current ways of data exchange such as manual ferry, or using special adapter, because of inefficiency, insufficient of security, lack of universality, etc, are unable to meet the growing demand for secure data exchange. Additionally, many products and commercial solutions used in application integration don’t provide border access controlling measures, as a result, they can’t meet the demand of the national security standards of data exchange between classified information systems. To ensure the security of data exchange, there must be nor only data transmission security protection, but also data-level security solution.This dissertation researches the technology of data security exchange between applications across security domains based on ESB against the background described above. It can be concluded that the security issues need to be solved of the subject studies by researching the status of data exchange between applications of all level corporations in defense units across security domains, and analyzing the shortcomings and drawbacks of the current approaches of data exchange, and comparing with the national security standards of classified information systems.On the basis above, this dissertation proposes a pre-service based data security exchange model consulting the star structure by analyzing the advantages and disadvantages of the traditional application integration models including network structure and star structure, and designs, develops a prototype of data secure exchange platform based on ESB by combining the technology of messaging communication, web service and ESB. This platform has a central bus, provides border security protection by using pre-service deployed in the DMZ of security domains, and achieves the goal of data exchange across security domains through the usage of messaging and web service. At the same time, a variety of security measures including data encryption transmission, exception and fault handling, digital signature, security auditing, and so on, work together, which greatly enhance the security capabilities of the platform. The load balancing design helps to improve the data transmission efficiency of the platform, and reduce the blocking risk of message queues.This dissertation verifies the functions of data transmission, as well as three aspects of performances including security, extensibility, and stability of the data exchange platform. The validation results indicates that the platform reaches the target of data exchange across security domains, and has multiple security mechanisms and good extensibility and stability to meet the strict prescripts defined in the national security standards of classified information systems. The secure data exchange model based on pre-service and the overall design of the bus-based data exchange platform have been applied in a typical defense unit having two levels of corporate structure, and realized the goal of secure data exchange across security domains between corporate.