论文信息 - Lock-Keeper: A New Implementation of Physical Separation Technology

Lock-Keeper: A New Implementation of Physical Separation Technology

“Physical Separation” is a simple, but hard to be realized, security concept. The paper proposes a new implementation of this principle, named Lock-Keeper. By means of the SingleGate Lock-Keeper system, which is an initial realization of the Lock-Keeper technology, the possibility of direct network attacks to a protected network can be eliminated entirely and data can be exchanged between two networks through a completely secure and reliable way. The analysis on comparing the Lock-Keeper with other similar “Physical Separation” approaches shows that this new implementation has a lot of remarkable innovations. As an advanced implementation, the DualGate Lock-Keeper is proposed by including another new “gate” unit. Along with this development, the Lock-Keeper’s performance on data transfer, especially the throughput, is improved significantly as well as some other new functional characteristics appear to make the Lock-Keeper technology more efficient, flexible and applicable. In addition, several application scenarios are revealed to explain how the Lock-Keeper can be integrated into complex structures and provide a higher level of security.

Christoph Meinel | Feng Cheng | C. Meinel | Feng Cheng

[1] Bill Cheswick,et al. Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[2] JOHN P. L. WOODWARD. Applications for multilevel secure operating systems , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[3] Darren Reed,et al. Security Considerations for IP Fragment Filtering , 1995, RFC.

[4] Robert J. Brunner,et al. Java Web Services Unleashed , 2002 .

[5] Perry B. Gentry. What is a VPN? , 2001, Inf. Secur. Tech. Rep..

[6] Dorothy E. Denning. Cryptographic Checksums for Multilevel Database Security , 1984, 1984 IEEE Symposium on Security and Privacy.

[7] Ira S. Moskowitz,et al. A pump for rapid, reliable, secure communication , 1993, CCS '93.

[8] Christoph Meinel,et al. The flood-gate principle - a hybrid approach to a high security solution , 1998, ICISC.

[9] Klaus Brunnstein. Beastware (Viren, Würmer, trojanische Pferde): Paradigmen Systemischer Unsicherheit , 1994 .