CN110290128A - A kind of Network Isolation and switching control method and device based on service security label - Google Patents
A kind of Network Isolation and switching control method and device based on service security label Download PDFInfo
- Publication number
- CN110290128A CN110290128A CN201910536196.9A CN201910536196A CN110290128A CN 110290128 A CN110290128 A CN 110290128A CN 201910536196 A CN201910536196 A CN 201910536196A CN 110290128 A CN110290128 A CN 110290128A
- Authority
- CN
- China
- Prior art keywords
- data
- service security
- label
- marking
- transmitting terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention proposes a kind of Network Isolation and switching control method and device based on service security label, belong to network technique field, the service security label being had by identifying data, the service security attribute informations such as security level, the class of service for including according to label, data are controlled respectively in transmitting terminal, receiving end, to realize that fine-grained Network Isolation exchange is managed with data.
Description
Technical field
The present invention relates to a kind of methods that service security attribute according to data carries out Network Isolation exchange control to data
And device, belong to network technique field.
Technical background
When carrying out Network Isolation and data exchange under across a network, across security domain scene, traditional unidirectional importing, gateway etc.
Security isolation mainly passes through removing agreement with Information Exchange System and carries out checking and killing virus, information filtering inspection to the data exchanged
Etc. modes improve the safety exchanged between network, can not the service security attribute based on data the data that exchange network are carried out
Fine granularity control, it is also difficult to which preventing malice code carries out unauthorized exchange.
Summary of the invention
It is of the invention for fine granularity isolation exchange and security management and control demand of the data resource under inter-network, cross-domain environment
Purpose is to propose a kind of Network Isolation and switching control method and device based on service security label, by identifying data band
Some service security label, the service security attribute information such as security level, class of service for including according to label, transmitting terminal,
Receiving end respectively controls data, to realize that fine-grained Network Isolation exchange is managed with data.
To achieve the above object, the present invention using it is a kind of based on service security label Network Isolation with exchange controlling party
Method, method includes the following steps:
Step1: marking of control strategy is respectively configured for transmitting terminal and receiving end, marking of control strategy is to have based on data
Service security tag definitions relevant matches rule, corresponding control row is taken to the data with specific transactions safety label
For;
Step2: after transmitting terminal receives data to be imported, check whether data have service security label and according to transmitting terminal
The marking of control strategy of configuration carries out respective handling, comprising: if data are marked without service security and transmitting terminal configures
Marking of control strategy forbid data untagged to import, then record log and do respective handling;If data are pacified without business
The marking of control strategy permission data untagged importing of all mark and transmitting terminal configuration, then be the formatting number to one-way transmission
One-way transmission is executed after adding specified service security label automatically according to block;If data are marked with service security, logarithm
According to service security label checked, pass through if checking, the service security of data label be added to unidirectionally pass
One-way transmission is executed after defeated block of formatted data, otherwise record log and does respective handling;
Step3: after receiving end receives the block of formatted data of one-way transmission, check whether the data block has service security
It marks and respective handling is carried out according to the marking of control strategy of receiving end configuration, comprising: if data block is without service security
Label then record log and does respective handling;If data block have safety label, to the service security of data block mark into
Row checks, and passes through if checking, restores the data imported based on data block, otherwise record log and does respective handling.
Further, service security labeled as multi-component system M=<C, G, F comprising multiple business security attribute>, wherein C is
Security level, G are service security attribute set, and F is operation controlled attribute set, and service security attribute set G includes business
Classification, working group, role, environmental requirement, operation controlled attribute set F include Read-write Catrol, print control, imprinting control,
Copy control.
Further, service security label includes that the service security of information object marks M (r)=< Cr,Gr,Fr> and system
The service security of object marks M (o)=< Co,Go>, wherein information object includes data, system object include application, service, into
Journey.
Further, there are two types of the relationships between M (o) and M (r): dominate with it is not comparable;Work as Co≥CrAndNote
For M (o) >=M (r), then there is dominance relation between M (o) and M (r), indicates that system object can dominate information object;If M (o)
Dominance relation is not present between M (r), then is therebetween not comparable relationship, indicates that system object haves no right to dominate information object.
Further, ifThen main body should be according to FrThe operation controlled attribute limitation for including carries out resource corresponding
Operation.
Further, marking of control strategy is represented by R=<C, and G>, wherein R is marking of control strategy, which indicates
Meet the set of the information object of specified attribute.
It further, is a transmitting terminal s configuration flag control strategy Rs=< Cs,Gs>, RsThe business of specified information object
Safety label is M (s)=< Cs,Gs>, if M (s) >=M (r), indicates that transmitting terminal checks and pass through;Phase is configured for a receiving end g
The marking of control strategy R answeredg=< Cg,Gg>, RgThe service security of specified information object is labeled as M (g)=< Cg,Gg>, it receives
It holds the service security of the data block of identification to mark M (r '), if M (g) >=M (r '), indicates that receiving end checks and pass through.
Further, the respective handling includes alarm, abandons, forwards or audit.
To achieve the above object, the present invention also provides it is a kind of based on service security label Network Isolation with exchange control
Device mainly includes transmitting terminal label control module, receiving end label control module;
Transmitting terminal label control module: for configuring transmitting terminal marking of control strategy, identification imported into the data of transmitting terminal
Service security label, and checked with the marking of control strategy of transmitting terminal configuration, according to inspection result by data
Service security label, which is added to after the block of formatted data of one-way transmission, executes one-way transmission, or carries out record log to data
And do respective handling;
Receiving end label control module: for configuring receiving end marking of control strategy, receiving end block of formatted data is identified
Service security label, and with receiving end configuration marking of control strategy checked, according to inspection result restore import
Data, or data block is carried out record log and to do respective handling.
Further, in receiving end label control module, the respective handling includes alarm, discarding, forwarding or audit.
Compared with prior art, the positive effect of the present invention are as follows:
By correctly configuring the marking of control strategy for the data transmission channel being made of transmitting terminal and receiving end, can be based on
The service security label of data carries out fine granularity control to the data of one-way transmission, supports the safety such as unidirectional introducing equipment, gateway
Isolation carries out fine-grained data control with Information Exchange System, and further promotes internet security.For example, by configuring this
Device can unidirectionally imported into internal network from internet only to allow the data of specific transactions content;It can also support high-level
The data flow low level security domain of lower security grade in security domain, but still the data flow low level of high safety grade is forbidden to pacify
Universe;It can be found that data untagged or abnormal marking data that malicious code is sent, prevent the unauthorized business of camouflage in time
Data outflow.
Detailed description of the invention
Fig. 1 is a kind of Network Isolation and switching control method flow chart based on service security label.
Fig. 2 be it is a kind of based on service security label Network Isolation (unidirectionally led with exchange control device module relation diagram
Enter).
Fig. 3 is a kind of Network Isolation and exchange control device module relation diagram (Two-way Network based on service security label
Lock).
Specific embodiment
Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings, it should be understood that embodiment described herein
Only for the purpose of illustrating and explaining the present invention and is not intended to limit the present invention.
A kind of Network Isolation and switching control method based on service security label that the present embodiment proposes, Fig. 1 is we
The step of flow chart of method, this method, is described as follows.
1. configuration flag control strategy
Service security marks M for a multi-component system comprising multiple business security attribute, M=<C, G, and F>.Wherein C is peace
Full rank;G is multiple service security attribute giSet, G={ g1,g2,…gn, giIt can be class of service, working group, angle
The service security attribute such as color, environmental requirement;F is operation controlled attribute fjSet, F={ f1,f2,…fm, fjIt can be read-write
The operation generic attributes such as control, print control, imprinting control, copy control.
Under the abstract definition, the service security of the information objects such as data (resource) is denoted as M (r)=< Cr,Gr,Fr>,
M (o)=< C is denoted as using the service security of, service and the system objects (main body) such as processo,Go>.Body mark M (o) with
There are two types of relationships between resource mark M (r): dominate with it is not comparable.It marks M (o) to dominate label M (r), works as Co≥CrAndIt is denoted as M (o) >=M (r), indicates that main body can dominate object (resource).If there is no dominate to close between M (o) and M (r)
System, then not comparable between them, main body haves no right to dominate object (resource).IfThen main body should include according to the label
Concrete operations controlled attribute fjLimitation carries out corresponding operating to resource.
Since information object (resource) and system object (main body) service security label are all made of attribution method definition, because
This, mark of correlation control strategy is also defined using similar attribution method.Marking of control strategy R can be expressed as R=< C,
G >, show the set for meeting the information object of specified attribute.Therefore, regular RsThe service security of specified information object marks
M (s)=< C can also be denoted ass,Gs>.When carrying out strategy matching inspection, if M (s) >=M (r), the business of information object r is pacified
All mark meets marking of control policing rule Rs。
It can be certain transmitting terminal s configuration flag control strategy R according to above-mentioned abstract definition methods=< Cs,Gs>, it is corresponding
Receiving end g configures corresponding marking of control strategy Rg=< Cg,Gg>。
2. data untagged one-way transmission controls
(step1): when the data that transmitting terminal identifies that discovery imports are marked without service security, if transmitting terminal forbids nothing
Flag data imports, then record log and to data record log and to execute the respective handlings such as alarm, discarding, forwarding or audit dynamic
Make;If transmitting terminal allows data untagged to import, and has preset specified service security for data untagged and marked Mx, then turn
Enter (step2), otherwise record log and to data execute alarm, discarding, forwarding or audit etc. respective handlings act, process knot
Beam.
(step2): transmitting terminal is that the service security specified to the block of formatted data addition of one-way transmission marks Mx, then
Data block is one-way transmitted to receiving end.
(step3): receiving end checks whether data block has service security label, if marked with service security,
It is transferred to (step4);If marked without service security, receiving end executes alarm, discarding, forwarding or audit etc. to data block
Respective handling movement, and record log.
(step4): data block service security label M (r '), and the label control with receiving end configuration are extracted in receiving end identification
Make strategy RgIt is checked, if successful match, is transferred to (step5);If matching is unsuccessful, data block is held in receiving end
The respective handlings movement such as row alarm, discarding, forwarding or audit, and record log.
The matching rule are as follows: M (g) >=M (r ') if it exists, then successful match, otherwise matches unsuccessful.
(step5): restoring Data Concurrent and send to related system in receiving end.
3. tagged data one-way transmission controls
(step1): transmitting terminal identifies and extracts service security label M (r) of data, the marking of control with transmitting terminal configuration
Tactful RsIt is checked, if successful match, is transferred to (step2);If matching is unsuccessful, to data execute alarm,
The respective handlings movement such as discarding, forwarding or audit, and record log.
The matching rule are as follows: M (s) >=M (r) if it exists, then successful match, otherwise matches unsuccessful.
(step2): service security label M (r) of data is then added to the format data to one-way transmission by transmitting terminal
In block, data block is then one-way transmitted to receiving end.
(step3): receiving end checks whether data block has service security label, if marked with service security,
It is transferred to (step4);If marking without service security, it is dynamic that the respective handlings such as alarm, discarding, forwarding or audit are executed to data
Make, and record log.
(step4): the service security that data block is extracted in receiving end identification marks M (r '), and the label with receiving end configuration
Control strategy gjIt is matched, if successful match, is transferred to (step5), if matching is unsuccessful, announcement is executed to data block
The respective handlings movement such as alert, discarding, forwarding or audit, and record log.
The matching rule are as follows: M (g) >=M (r ') if it exists, then successful match, otherwise matches unsuccessful.
(step5): restoring Data Concurrent and send to related system in receiving end.
The present embodiment also provides a kind of Network Isolation and exchange control device based on service security label, for real
The existing above method, including transmitting terminal label control module, receiving end label control module.Transmitting terminal label control module is used for
Transmitting terminal marking of control strategy is configured, identification imported into the service security label of the data of transmitting terminal, and configured with transmitting terminal
Marking of control strategy is checked, and the service security label of data is added to the lattice to one-way transmission according to inspection result
One-way transmission is executed after formula data block, or data are abandoned, audited or are forwarded.Receiving end label control module: it uses
In configuration receiving end marking of control strategy, the service security label of identification receiving end block of formatted data, and configured with receiving end
Marking of control strategy checked, the data imported are restored according to inspection result or data block is abandoned, audits
Or forwarding.
Data exchange control may be implemented in the present apparatus: present apparatus transmitting terminal and receiving end constitute an one-way data in pairs
Transmission channel can be used for unidirectional introducing equipment, realize the fine granularity control of unidirectional data transmission, as shown in Figure 2.It can also use
In the security isolations such as gateway and message exchange equipment, the one-way transmission path opposite to both direction carries out fine granularity pipe respectively
Control, further increases the safety of network exchange, as shown in Figure 3.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this field
Personnel can be with modification or equivalent replacement of the technical solution of the present invention are made, without departing from the spirit and scope of the present invention, this
The protection scope of invention should be subject to described in claims.
Claims (10)
1. a kind of Network Isolation and switching control method based on service security label, comprising the following steps:
Marking of control strategy is respectively configured for transmitting terminal and receiving end, marking of control strategy is the service security having based on data
Data with specific transactions safety label are taken corresponding controlling behavior by tag definitions relevant matches rule;
After transmitting terminal receives data to be imported, the label whether data have service security label and configure according to transmitting terminal is checked
Control strategy carries out respective handling, comprising: if the marking of control that data are marked without service security and transmitting terminal configures
Strategy forbids data untagged to import, then record log and does respective handling;If data without service security mark and
The marking of control strategy of transmitting terminal configuration allows data untagged to import, then adds automatically for the block of formatted data to one-way transmission
One-way transmission is executed after adding specified service security to mark;If data are marked with service security, the business of data is pacified
All mark is checked, and is passed through if checking, the service security label of data is added to the formatting to one-way transmission
One-way transmission is executed after data block, otherwise record log and does respective handling;
After receiving end receives the block of formatted data of one-way transmission, check whether the data block has service security label and basis
The marking of control strategy of receiving end configuration carries out respective handling, comprising: if data block is marked without service security, records
Log simultaneously does respective handling;If data block has safety label, the service security label of data block is checked,
Pass through if checking, restore the data imported based on data block, otherwise record log and does respective handling.
2. the method as described in claim 1, which is characterized in that service security is labeled as including the more of multiple business security attribute
Tuple M=<C, G, F>, wherein C is security level, and G is service security attribute set, and F is operation controlled attribute set, the business
Security attribute set G includes class of service, working group, role, environmental requirement, and operation controlled attribute set F includes read-write control
System, print control, imprinting control, copy control.
3. method according to claim 2, which is characterized in that service security label includes that the service security of information object marks
M (r)=< Cr,Gr,Fr>the service security with system object marks M (o)=<Co,Go>, wherein information object includes data, system
Object includes application, service, process.
4. method as claimed in claim 3, which is characterized in that there are two types of the relationships between M (o) and M (r): dominate with can not
Than;Work as Co≥CrAndIt is denoted as M (o) >=M (r), then there is dominance relation between M (o) and M (r), indicates system object
Information object can be dominated;If dominance relation is not present between M (o) and M (r), it is therebetween not comparable relationship, indicates system
System object haves no right to dominate information object.
5. method as claimed in claim 3, which is characterized in that ifThen main body should be according to FrThe operation control for including
Attribute limitation carries out corresponding operating to resource.
6. method as claimed in claim 3, which is characterized in that marking of control strategy is represented by R=<C, G>, wherein R is
Marking of control strategy, the formula indicate the set for meeting the information object of specified attribute.
7. method as claimed in claim 6, which is characterized in that be a transmitting terminal s configuration flag control strategy Rs=< Cs,Gs>,
RsThe service security of specified information object is labeled as M (s)=< Cs,Gs>, if M (s) >=M (r), indicate that transmitting terminal checks
Pass through;Corresponding marking of control strategy R is configured for a receiving end gg=< Cg,Gg>, RgThe service security mark of specified information object
It is denoted as M (g)=< Cg,Gg>, the service security of the data block of receiving end identification marks M (r '), if M (g) >=M (r '), indicates to receive
End, which checks, to be passed through.
8. the method as described in claim 1, which is characterized in that the respective handling includes alarm, abandons, forwards or audit.
9. a kind of Network Isolation and exchange control device based on service security label, comprising:
Transmitting terminal label control module, for configuring transmitting terminal marking of control strategy, identification imported into the industry of the data of transmitting terminal
It is engaged in safety label, and is checked with the marking of control strategy of transmitting terminal configuration, according to inspection result by the business of data
Safety label, which is added to after the block of formatted data of one-way transmission, executes one-way transmission, or carries out record log to data and do
Respective handling;
Receiving end label control module identifies the industry of receiving end block of formatted data for configuring receiving end marking of control strategy
Business safety label, and checked with the marking of control strategy of receiving end configuration, restore the number imported according to inspection result
It carries out record log according to or to data block and does respective handling.
10. device as claimed in claim 9, which is characterized in that the respective handling includes alarm, abandons, forwards or audit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910536196.9A CN110290128B (en) | 2019-06-20 | 2019-06-20 | Network isolation and exchange control method and device based on service security label |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910536196.9A CN110290128B (en) | 2019-06-20 | 2019-06-20 | Network isolation and exchange control method and device based on service security label |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110290128A true CN110290128A (en) | 2019-09-27 |
| CN110290128B CN110290128B (en) | 2021-02-19 |
Family
ID=68004356
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910536196.9A Active CN110290128B (en) | 2019-06-20 | 2019-06-20 | Network isolation and exchange control method and device based on service security label |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110290128B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111049851A (en) * | 2019-12-24 | 2020-04-21 | 中国电子科技集团公司第五十四研究所 | Multi-level and multi-dimensional linkage management and control system for cross-domain transmission service |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534300A (en) * | 2009-04-17 | 2009-09-16 | 公安部第一研究所 | System protection framework combining multi-access control mechanism and method thereof |
| CN101860526A (en) * | 2009-12-22 | 2010-10-13 | 中国航空工业集团公司第六三一研究所 | Method for controlling multilevel access to integrated avionics system |
| CN101876994A (en) * | 2009-12-22 | 2010-11-03 | 中国科学院软件研究所 | Establishing method for multi-layer optimized strategy evaluation engine and implementing method thereof |
| CN102486819A (en) * | 2010-12-01 | 2012-06-06 | 中铁信息工程集团有限公司 | Reinforcing system |
| CN102495989A (en) * | 2011-12-21 | 2012-06-13 | 北京诺思恒信科技有限公司 | Subject-label-based access control method and system |
| CN102904889A (en) * | 2012-10-12 | 2013-01-30 | 北京可信华泰信息技术有限公司 | Cross-platform-unified-management-supported mandatory access controlling system and method |
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN103647772A (en) * | 2013-12-12 | 2014-03-19 | 浪潮电子信息产业股份有限公司 | Method for carrying out trusted access controlling on network data package |
| CN105245543A (en) * | 2015-10-28 | 2016-01-13 | 中国人民解放军国防科学技术大学 | Operating system mandatory access control method based on security marker randomization |
| CN107016289A (en) * | 2017-02-15 | 2017-08-04 | 中国科学院信息工程研究所 | The thin terminal security method for establishing model of movement and device based on Web operating systems |
| CN107277023A (en) * | 2017-06-28 | 2017-10-20 | 中国科学院信息工程研究所 | A kind of thin terminal access control method of movement based on Web, system and thin terminal |
| CN108270782A (en) * | 2018-01-15 | 2018-07-10 | 中国科学院信息工程研究所 | A kind of access control method and system based on safety label |
| CN109117313A (en) * | 2018-08-28 | 2019-01-01 | 成都信息工程大学 | A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method |
-
2019
- 2019-06-20 CN CN201910536196.9A patent/CN110290128B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534300A (en) * | 2009-04-17 | 2009-09-16 | 公安部第一研究所 | System protection framework combining multi-access control mechanism and method thereof |
| CN101860526A (en) * | 2009-12-22 | 2010-10-13 | 中国航空工业集团公司第六三一研究所 | Method for controlling multilevel access to integrated avionics system |
| CN101876994A (en) * | 2009-12-22 | 2010-11-03 | 中国科学院软件研究所 | Establishing method for multi-layer optimized strategy evaluation engine and implementing method thereof |
| CN102486819A (en) * | 2010-12-01 | 2012-06-06 | 中铁信息工程集团有限公司 | Reinforcing system |
| CN102495989A (en) * | 2011-12-21 | 2012-06-13 | 北京诺思恒信科技有限公司 | Subject-label-based access control method and system |
| CN102904889A (en) * | 2012-10-12 | 2013-01-30 | 北京可信华泰信息技术有限公司 | Cross-platform-unified-management-supported mandatory access controlling system and method |
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN103647772A (en) * | 2013-12-12 | 2014-03-19 | 浪潮电子信息产业股份有限公司 | Method for carrying out trusted access controlling on network data package |
| CN105245543A (en) * | 2015-10-28 | 2016-01-13 | 中国人民解放军国防科学技术大学 | Operating system mandatory access control method based on security marker randomization |
| CN107016289A (en) * | 2017-02-15 | 2017-08-04 | 中国科学院信息工程研究所 | The thin terminal security method for establishing model of movement and device based on Web operating systems |
| CN107277023A (en) * | 2017-06-28 | 2017-10-20 | 中国科学院信息工程研究所 | A kind of thin terminal access control method of movement based on Web, system and thin terminal |
| CN108270782A (en) * | 2018-01-15 | 2018-07-10 | 中国科学院信息工程研究所 | A kind of access control method and system based on safety label |
| CN109117313A (en) * | 2018-08-28 | 2019-01-01 | 成都信息工程大学 | A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111049851A (en) * | 2019-12-24 | 2020-04-21 | 中国电子科技集团公司第五十四研究所 | Multi-level and multi-dimensional linkage management and control system for cross-domain transmission service |
| CN111049851B (en) * | 2019-12-24 | 2021-10-01 | 中国电子科技集团公司第五十四研究所 | Multi-level and multi-dimensional linkage management and control system for cross-domain transmission service |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110290128B (en) | 2021-02-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2018516419A (en) | A computerized system that securely delivers and exchanges cyber threat information in a standardized format | |
| CN108270782B (en) | Access control method and system based on security label | |
| CN101622849B (en) | System and method for adding context to prevent data leakage over a computer network | |
| CN104299286A (en) | Attendance method and system for public security inspection tour | |
| CN108111536B (en) | Application-level secure cross-domain communication method and system | |
| CN105577639A (en) | Trusted device control messages | |
| KR102414334B1 (en) | Method and apparatus for detecting threats of cooperative-intelligent transport road infrastructure | |
| CN111567012A (en) | Decentralized automated phone fraud risk management | |
| CN109583229B (en) | Privacy information tracing and evidence obtaining method, device and system | |
| CN105516091A (en) | Secure flow filter and filtering method based on software defined network (SDN) controller | |
| CN110290128A (en) | A kind of Network Isolation and switching control method and device based on service security label | |
| CN102217248B (en) | Distributed packet flow checks and process | |
| CN102984125B (en) | A kind of system and method for Mobile data isolation | |
| CN102509057B (en) | Mark-based method for safely filtering unstructured data | |
| CN111181955A (en) | Session control method and device based on mark | |
| CN105227540A (en) | A kind of MTD guard system of event-triggered and method | |
| CN114254269A (en) | System and method for determining rights of biological digital assets based on block chain technology | |
| CN108833383A (en) | Linkage defense system based on deep learning and agent | |
| Alberts et al. | Introduction to the security engineering risk analysis (SERA) framework | |
| US11831661B2 (en) | Multi-tiered approach to payload detection for incoming communications | |
| CN104112201A (en) | Electronic bill data transmitting and receiving methods and apparatuses | |
| He et al. | An industrial control systems incident response decision framework | |
| CN109063013A (en) | A kind of behavior database operation blocking-up method and device | |
| CN105376167A (en) | Distributed packet stream inspection and processing | |
| CN113807700A (en) | Method and system for issuing and receiving airplane on-wing command scheduling based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |