Research And Design On Scheme Of Classified Information System's Interconnection

As the continuous developing of information technology, the scopes and types of classified information systems which handle classified information are in continuous expansion, and the interconnection between security domains becomes increasingly frequent.The traditional method of classified information system security domains' information exchange shows inefficiency and weak security gradually, there is a strong need on a secure and efficient scheme providing information exchange between different locations and systems to be satisfied. But at the same time,researches on classified information system's information protection technologies are relatively less in current times, these technologies can't support classified information system very effectively and should be strengthened in details.This article's architecture contains a scheme and two technical supports, the scheme is classified information system interconnection scheme, one support is security domain boundary protection technology which based on defining security domain boundary and interface segregation, another is access control technology which based on RBAC. This article starts with the scheme of classified information system interconnection,analyzes different supporting technologies in different layers. Then these technologies are combined with three issues in communication system: source, channel and sink. This combination forms the scheme of classified information system interconnection. After that, basic technologies as boundary protection and access control are selected as the emphasis in following chapters.In the research of boundary protection, the principles and existing methods of defining security domain boundary are cleared firstly. Then a boundary protection method based on interface segregation and unification which is set up on the boundary has been proposed. At last, this scheme has been described by language of set theory.In the research of access control, an enhanced access control technology which takes advantage of RBAC's easy management and DAC's meticulous control has been proposed.This technology supports the scheme of classified information system interconnection on access control technology, at last the technology's time and space complexity and security has been analyzed briefly.