Data Exchange Network Technology: A new way of interconnecting with non-secure networks


I. BACKGROUND

Because network defence technology lags behind attack technology, a network is always exposed to attack and intrusion from less trusted zones, so isolation techniques are needed to protect its data. Five isolation and exchange technologies are in common use at present: firewalls, multiple security gateways, network gates, data exchange networks, and manual exchange. Manual exchange is only feasible for simple file delivery. Firewalls and multiple gateways are checkpoints that rely on security detection technology for their protection. A network gate isolates the two networks by "ferrying" data across and isolates the applications with proxy technology, but it does not strengthen security detection. A data exchange network adds a further tier to the network: it combines the advantages of the first three isolation techniques, and on that tier a security system can be built according to the "Vase Model", protecting the business comprehensively and in depth, so its security should be comparatively better.

The idea of a data exchange network is to build a platform for exchanging data between two networks that must remain isolated from each other. In this security zone one can not only deploy several security checkpoints in sequence, but also protect the integrity of the "intranet" data through business proxies (agents), and add security monitoring and auditing; this largely makes up for the weakness of a protection gateway against slow, "chronic" attack behaviour.

II. THE THEORETICAL BASIS OF DATA EXCHANGE NETWORK TECHNOLOGY

The model of the data exchange network derives from the Clark-Wilson model used in banking systems, which protects the integrity of data through business proxies and double auditing. The model was designed to secure banking business and is also the safeguard that lets banks support Internet financial services. Applying it to interconnection with a non-secure network addresses the security of the business data and completes data exchange network technology.

The Clark-Wilson model rests on two basic mechanisms: the well-formed transaction and separation of duties (segregation of duties). The purpose of the well-formed transaction is to prevent a user from modifying data arbitrarily. In a manual accounting system, for example, correcting a record of accounts requires that the entry be changed on both accounts involved, the one the money is paid out of and the one it is transferred into; only then is the transaction "well-formed", and when the accounts do not balance, an error has occurred.

The purpose of separation of duties is to ensure that a data object stays consistent with the real-world object it represents. The computer itself cannot directly guarantee this external consistency, so the separation-of-duties rule says that whoever creates or certifies a well-formed transaction may not execute it: at least two people must be involved in order to change the data. On these two mechanisms the Clark-Wilson model builds two kinds of rules: enforcement rules (translated in some texts as "compulsive rules") and certification rules ("confirmation" or "validation rules"). Enforcement rules are security functions independent of the application; certification rules are security functions specific to the application. The terms used in the Clark-Wilson model are:

Constrained data item (CDI): a data item to which the model applies, that is, trusted data.

Unconstrained data item (UDI): raw data submitted by a user; a UDI is not trusted data.

Transformation procedure (TP): also translated as "conversion process"; a TP moves the data from one valid state to another valid state, for example by turning a UDI into a CDI.

Integrity verification procedure (IVP): a procedure that confirms that every CDI in the system satisfies the integrity requirements; it is used in audit-related processing and mimics a human audit.

The rules of the Clark-Wilson model are as follows:

Enforcement rules: E1: users may manipulate trusted data (CDIs) only indirectly, through a TP; E2: users may only execute the operations they have been authorized for; E3: the identity of the user must be authenticated; E4: only the security officer may change authorizations.

Certification rules: C1: trusted data must be verified as consistent with the real world; C2: procedures must operate on the data as well-formed transactions; C3: the system must support separation of duties; C4: input (a UDI) is handled by an operation that either accepts or rejects it.

Data integrity is defined by three conditions: (1) unauthorized users are prevented from tampering with the data; (2) authorized users are prevented from modifying it incorrectly; (3) internal and external consistency of the data is maintained across modifications.

Separation of duties, derived from the two kinds of rules of the Clark-Wilson model together with the sound management practices of organizations, maintains these three elements of data integrity very well; interested readers can work this out for themselves, and it is not discussed further here.
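The rules above are easier to see in code. The following is an added example written for this article, not code from the original page or from any product it describes: a toy enforcement kernel in Python around a double-entry ledger, in which users reach the balances (the CDIs) only through certified transformation procedures (E1, C2), an access-triple table decides who may run which TP (E2, E3), only the security officer may certify TPs or grant access (E4), the certifier of a TP may never run it (C3), a TP either accepts or rejects a raw UDI (C4), and an independent IVP checks that the books balance against the money actually deposited (C1). All names in it (ClarkWilsonKernel, transfer, credit_only, sec_officer, alice, bob) and the account figures are invented for the example.

```python
"""Toy Clark-Wilson kernel: added illustration for this article, not the page's own code; every name is invented."""
from typing import Callable, Dict


class IntegrityError(Exception):
    """A rule of the model (E1-E4, C1-C4) would be violated."""


class ClarkWilsonKernel:
    """Mediates every access to the constrained data items (CDIs)."""

    def __init__(self, accounts: Dict[str, int], officers: set, users: set):
        self._cdi = dict(accounts)                 # balances in cents: the CDIs, private to the kernel
        self._deposited = sum(accounts.values())   # external fact the IVP checks against (C1)
        self._tps: Dict[str, tuple] = {}           # name -> (procedure, certifying officer)
        self._triples: set = set()                 # permitted (user, tp_name) pairs (E2)
        self._officers = set(officers)             # may change authorisations (E4)
        self._users = set(users)                   # authenticated principals (E3)
        self.audit: list = []                      # append-only record for the independent auditor

    def _require_officer(self, who: str) -> None:
        if who not in self._officers:
            raise IntegrityError(f"{who!r} is not a security officer")  # E4

    def certify_tp(self, officer: str, name: str, proc: Callable) -> None:
        """C2: only procedures certified by an officer may transform CDIs."""
        self._require_officer(officer)
        self._tps[name] = (proc, officer)

    def authorize(self, officer: str, user: str, tp_name: str) -> None:
        """E2/E4: add an access triple. C3: the certifier may not run its own TP."""
        self._require_officer(officer)
        if tp_name not in self._tps:
            raise IntegrityError(f"{tp_name!r} is not a certified TP")
        if self._tps[tp_name][1] == user:
            raise IntegrityError("separation of duties: certifier cannot execute the TP")
        self._triples.add((user, tp_name))

    def run_tp(self, user: str, tp_name: str, udi: dict) -> bool:
        """The only path from a user to the CDIs (E1); True if applied, False if rejected (C4)."""
        if user not in self._users or (user, tp_name) not in self._triples:
            raise IntegrityError(f"{user!r} may not run {tp_name!r}")  # E3 + E2
        proc, _ = self._tps[tp_name]
        snapshot = dict(self._cdi)
        try:
            proc(self._cdi, udi)                   # certified transaction on trusted data
        except ValueError as reason:               # the TP rejected the raw input
            self._cdi = snapshot                   # nothing is left half-applied
            self.audit.append(("reject", user, tp_name, udi, str(reason)))
            return False
        self.audit.append(("apply", user, tp_name, udi))
        return True

    def balances(self) -> Dict[str, int]:
        return dict(self._cdi)                     # a copy: the CDI set itself never leaks

    def ivp(self) -> bool:
        """C1: the books must balance: all accounts sum to the money ever deposited."""
        return sum(self._cdi.values()) == self._deposited


def transfer(cdi: Dict[str, int], udi: dict) -> None:
    """Well-formed transaction: a debit with a matching credit, or nothing at all."""
    src, dst, amount = udi.get("from"), udi.get("to"), udi.get("amount")
    if not isinstance(amount, int) or amount <= 0:
        raise ValueError("amount must be a positive number of cents")
    if src not in cdi or dst not in cdi or src == dst:
        raise ValueError("unknown or identical accounts")
    if cdi[src] < amount:
        raise ValueError("insufficient funds")
    cdi[src] -= amount
    cdi[dst] += amount


def credit_only(cdi: Dict[str, int], udi: dict) -> None:
    """Deliberately NOT well-formed: a credit with no debit, so the IVP has something to catch."""
    cdi[udi["to"]] += udi["amount"]


def demo() -> dict:
    k = ClarkWilsonKernel({"expenses": 10_000, "savings": 0},
                          officers={"sec_officer"}, users={"alice", "bob"})
    k.certify_tp("sec_officer", "transfer", transfer)
    k.authorize("sec_officer", "alice", "transfer")       # bob gets no access triple
    move = {"from": "expenses", "to": "savings", "amount": 2_500}
    accepted = k.run_tp("alice", "transfer", move)
    rejected = not k.run_tp("alice", "transfer", dict(move, amount=99_999))
    try:
        k.run_tp("bob", "transfer", move)
        bob_blocked = False
    except IntegrityError:
        bob_blocked = True
    books_ok = k.ivp()                                    # True: 7_500 + 2_500 == 10_000
    k.certify_tp("sec_officer", "credit_only", credit_only)  # officer's mistake: not well-formed
    k.authorize("sec_officer", "alice", "credit_only")
    k.run_tp("alice", "credit_only", {"to": "savings", "amount": 500})
    return {"accepted": accepted, "rejected": rejected, "bob_blocked": bob_blocked, "balances": k.balances(),
            "books_ok_after_transfer": books_ok, "books_ok_after_bad_tp": k.ivp()}  # last one False
```

Calling demo() shows the TP path working (the 2,500-cent transfer is applied, the overdraft is rejected by the TP, bob has no access triple and is refused) and then shows why the IVP exists: when the officer mistakenly certifies credit_only, which credits without debiting, every enforcement rule is still obeyed and yet the books no longer balance, which only the independent IVP notices. In a data exchange network the kernel plays the role of the business proxy, and the audit list is the record that the separate auditor reads.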

From a security perspective, the Clark-Wilson model teaches us two things:

Through a business proxy (agent), users never reach the backend system directly, so control of the system can never pass to the user.

Business management should have its own separate, independent audit process.

Although the Clark-Wilson model guarantees data integrity, a data exchange network handles data exchange between two networks, and securing the business data alone is not enough: the security of the data itself, intrusion prevention for the intranet, and protection against attack must also be guaranteed. The data exchange network therefore combines the idea of the security gateway with the thinking of the Clark-Wilson model, and this forms the security assurance approach of data exchange network technology.
