Building a High-performance Communication Framework for Network Isolation System

Network isolation is a new solution for network security. It can protect the inner network from intrusion more efficiently. In a network isolation system, a high-performance communication platform is necessary for building the entire security architecture. In this paper, we mainly use an application proxy and its differentiated services (DS) to achieve this. First, we study the architecture of the network isolation system and present a suitable proxy model that applies the I/O multiplexing technique. We then present a feasible method of realizing the proxy using epoll in the proxy sub-system, and illustrate the realization process in detail. Furthermore, we study the QoS of the sub-system and present a method of realizing its DS. Finally, we study the configuration and management of the system.
