单向数据导入系统的设计与实现-计算机应用技术专业论文.docx

摘 摘 要 万方数据 万方数据 摘 要 对于涉密信息的保护一直是政府、军队等部门重视的关键问题。之前一直采 用物理隔离的方式建设网络，对于涉密网络需要与其他网络交换信息的情况，只 能通过手工拷贝的方式实现。这不仅导致了业务效率下降，同时光盘、U 盘的丢 失会导致数据丢失、泄密，如果数据被非法利用，将会产生极为严重的后果。因 此，国家保密局明确规定涉及国家秘密的计算机信息系统，不得直接或间接地与 国际互联网或其它公共信息网络相联接，必须实行物理隔离[1]。 然而，涉密网络与外界必须物理隔离，这使其成为名副其实的信息“孤岛”， 这在一定程序上影响了这些部门自身的发展。光闸等数据单向传输系统采用了基 于无反馈的数据传输协议，提供了一种有效的解决信息“孤岛”的方案，使外界 网络经过审核的、安全的数据能够实时、快速进入涉密网络而不会产生不良后果。 本文通过对单向传输协议相关技术的学习和研究，通过对国内外相关产品的 分析和比较，总结出单向数据导入系统应满足的系统体系结构与模块组成，设计 实现了一套单向数据导入系统，并在此基础上作相应的应用扩展。最后给出实际 的使用测试数据，证明方案的可行性。 关键词：信息安全；单向导入；单向传输；单向协议；传输协议。 I Ab Abstract Abstract Government departments and army forces are always worried about how to protect sensitive and secret information. When it comes to the situation that needs to communicate with public networks, people in these departments always copy data by hands using CDs, DVDs, or USB devises, which not only will reduce the efficiency seriously, but also can give rise to even worse result when such devises were lost or even stolen with ulterior motives. Therefore, National Administration for the Protection of State Secrets refers expressly that information systems that refer to national security should be isolated physically and should not be connected with public networks directly or indirectly [1]. However, another phenomenon called ‘the information silo’ happened when disconnect with the public, which is not benefit to the departments themselves. Data transport systems like FGAP resolve this problem. They base on non-feedback data transport protocol, and allow packets to be transmitted to target network without any risk in a unidirectional way. This thesis studied the principle and key technologies of unidirectional transport protocol, and made a detailed analysis some products of isolation system, and summed up the architecture and module composition for a unidirectional data transmission system and made a description of its implementation. This thesis ended with some functional tests and performance tests to prove the feasi