Data secure transmission method among multilevel information systems

An information system and data security technology, applied in the field of hierarchical protection, that addresses problems such as unspecified security marks, incompatibility and poor flexibility, so as to eliminate information islands, promote information sharing and improve efficiency.

Active Publication Date: 2012-03-07
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

However, its security mark defines and explains confidentiality and integrity separately, and it does not indicate what content the security mark covers, so it fails to unify confidentiality and integrity.
In addition, the document only roughly explains the implementation and function of marking at each layer of the OSI seven-layer structure, and briefly explains the way intermediate nodes and end systems process marked data. With the development of the Internet, much of the content in the literature is no longer suitable for, or cannot be applied in, today's networks, and the literature gives neither the specific content and format of the security mark nor a specific method of implementing it.
[0007] FIPS PUB 188 (Standard Security Label for Information Transfer) def


Embodiment Construction

[0052] The present invention will be described below in conjunction with the accompanying drawings and specific embodiments.

[0053] Basic concepts

[0054] Before describing the specific implementation of the present invention in detail, some concepts involved in the present invention will be described uniformly.

[0055] (1) Subject

[0056] The subject in this application refers to the requester who initiates access to a certain type of resource or the initiator of the communication between the two parties. For example, users, hosts, subnets, address ranges, user groups, subnet groups, and address groups can all be defined as subjects.

[0057] (2) Object

[0058] The object is the counterpart of the subject: it refers to the resources accessed by the subject. For example, files, databases, web services, FTP services, subnets, hosts, address ranges, address groups, etc., can all be defined as objects.

[0059] (3) Secure Label

[0060] The...


Abstract

The invention provides a data secure transmission method among multilevel information systems. In the method, the regional border gateway of the information system at which a subject is located judges, according to the security label of the subject contained in an access request, whether security processing is needed. That gateway then searches, according to the security labels of the subject and the object, for a corresponding label security channel; if none exists, a new label security channel is created before the next step is executed, and otherwise the next step is executed directly. The information in the security label of the subject is written to an IP option field of a data packet of the access request, and the data packet is forwarded through the label security channel to the information system at which the object is located, where the regional border gateway of that information system receives it. Security policies are then compared: if the comparison results are consistent, the data packet is permitted, and otherwise it is abandoned. When the object receives the data packet, it judges the type of operation the subject performs on it, and the subject can read or write the object according to the operation type.
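The gateway steps in the abstract, shown as an added Python example that is not taken from the patent: the sending gateway writes the subject's label into an IPv4 option, and the receiving gateway parses it and compares it with its own policy entry. The option type `0x9E`, the 5-byte label layout (level plus category bitmap) and all function names are assumptions, because the page does not give the label format.

```python
import struct

LABEL_OPT = 0x9E  # assumed option type (copied flag set, experimental number 30)

def checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:                                   # fold carries (ones' complement sum)
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def add_label(src: bytes, dst: bytes, level: int, cats: int, payload: bytes) -> bytes:
    """Sending gateway: build an IPv4 packet carrying the subject label as an option."""
    opt = struct.pack("!BBBH", LABEL_OPT, 5, level, cats)  # type, length, level, categories
    opt += b"\x00" * (-len(opt) % 4)                 # pad with End-of-Options to 32 bits
    ihl = (20 + len(opt)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, 6, 0, src, dst) + opt      # TTL 64, protocol 6 (TCP)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def read_label(packet: bytes):
    """Receiving gateway: return (level, cats), or None if absent or malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    hlen = (packet[0] & 0x0F) * 4
    if hlen < 20 or hlen > len(packet) or checksum(packet[:hlen]) != 0:
        return None
    opts, i = packet[20:hlen], 0
    while i < len(opts):
        t = opts[i]
        if t == 0:                                   # End of Options List
            break
        if t == 1:                                   # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                              # length byte missing or overruns header
        if t == LABEL_OPT:
            return struct.unpack("!BH", opts[i + 2:i + 5]) if opts[i + 1] == 5 else None
        i += opts[i + 1]
    return None

def gateway_decision(packet: bytes, policy_label) -> str:
    """Permit only when the carried label is consistent with the local policy entry."""
    label = read_label(packet)
    return "permit" if label is not None and label == policy_label else "drop"
```

The IPv4 header checksum only catches accidental corruption and can be recomputed by anyone who alters the option, so the parser's checks are input validation, not integrity protection for the label.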

Description

Technical field

[0001] The invention relates to the field of hierarchical protection, in particular to a data security transmission method between multi-level information systems.

Background technique

[0002] As a policy that the country is committed to promoting, hierarchical protection has gradually become a means of information security protection and an important topic in the field of information security research. It divides information systems into different security levels according to the mission and goal of the information system and the importance of the system, comprehensively balances security cost and risk, forms different levels of security measures, and realizes the security protection of the information system.

[0003] In the "Computer Information System Security Protection Level Classification Criteria" (GB 17859), China divides the computer information system security protection capabilities into five levels, nam...


Application Information

IPC(8): H04L29/06, H04L9/32
Inventor: 张红旗, 陈性元, 杜学绘, 曹利峰, 王超, 孙奕
Owner THE PLA INFORMATION ENG UNIV