Design And Evaluation Of Network Isolation System Model

Posted on: 2020-05-20
Degree: Master
Type: Thesis
Country: China
Candidate: S S Wan
GTID: 2428330596476789
Subject: Engineering

Abstract/Summary:
With the development of Internet technology, computer networks face increasingly severe security threats, especially those of party and government organs, the military, enterprises and institutions, and other organizations that handle secrets. It is therefore very important to isolate networks of different security levels while ensuring the secure exchange of information. Driven by the urgent need in China for network isolation and data exchange between different security levels, a series of Network Isolation System (NIS) products has been produced. However, these products are designed according to the application requirements and security policies of the individual companies that develop them. There is no secure and generic design strategy, nor is there a method to quantify or compare the security and performance of different NISs. To address these challenges, this paper designs a universal and secure NIS Function Tree (NISFT) model, then proves the security and verifies the universality of this model. Based on this model, evaluation methods for security and performance are proposed. Finally, the NIS model and its evaluation system, which evaluates the security and performance of an NIS, are implemented in Matlab. The main work of this paper is as follows:

(1) A general and secure NISFT model is proposed. Because the Turing machine is widely used and performs well in model building and in the analysis and proof of complex problems, this paper proposes a definition of NIS based on the Turing machine. Then, based on the proposed formal definition and related cryptographic protocols, each function in the network isolation system is represented as a functional component. Finally, an NISFT model is built in the form of a function tree.

(2) Security and universality verification of the NISFT model. To prove security, the definition of secure data exchange in the confidential information system is introduced. First, the secret-involved information system is formally defined. Then the conditions for a secure data exchange are extracted and defined. Next, the security of the NIS definition is verified by mathematical proof. It is then verified that the NISFT model satisfies the definition of NIS. Finally, existing NIS products are used to verify the generality of the NISFT model.

(3) An NISFT evaluation method based on the combined subjective and objective weighting method is proposed, comprising a security evaluation method and a performance evaluation method. First, the NISFT model is divided into modules. Then the security and performance evaluation methods for each module and for the whole system are designed using the proposed model and the combined subjective and objective weighting method.

(4) The NISFT model evaluation system is implemented in Matlab. First, according to GB/T 20279-2015, the security requirements of the classified information system, and the cryptographic protocols, security and performance evaluation indexes are proposed for the functional components of the NIS. Then, according to the model and the evaluation method, the security and performance of the NIS are evaluated.
Keywords/Search Tags:confidential information systems, Network Isolation System, data exchange, the system model, evaluation method