Design and Implementation of an Identity-Based USB Boundary Protection System
Published: 2018-08-02 16:17
[Abstract]: The rapid development of high technology and informatization has profoundly affected every sector of society. Government departments and research institutes attach growing importance to information and data, treating data as the core basis for daily operations and decision-making. With its convenient "plug and play" nature, USB has long been the universal standard for interfaces between computers and peripherals and carries much of the burden of data exchange. In classified organizations, computer peripherals with USB interfaces are also widely used because they are convenient and easy to use; while USB devices facilitate research and production, they also introduce considerable hidden risks for secrecy work. In recent years, leaks of classified information caused by the improper use of USB flash drives have occurred from time to time in classified organizations. To address this, the relevant national authorities have vigorously promoted "three-in-one" and similar products in classified organizations, which has greatly reduced such incidents. However, the deployment of "three-in-one" products still has many problems and cannot control the improper use of USB devices at the root. Starting from the requirements, this work designs and develops an identity-based USB boundary protection system intended to solve the problems that currently exist in the management of USB storage devices. Taking the USB boundary protection system as its example and based on a thorough understanding of the design requirements, this thesis carries out the design and development from both the hardware and the software side. In the hardware design, in accordance with the design requirements, Samsung's high-performance Exynos4412 quad-core Cortex-A9 processor is chosen as the core controller, and the HD3SS6126 high-performance passive switch is chosen as the core switch of the control circuit. With the core hardware fixed, the circuit schematic of the USB boundary protection system is completed.
In the software design, drivers for the switch, LEDs and other components are developed following the GPIO driver development flow; Netlink hot-plug monitoring is used to detect USB devices attached to the system quickly, accurately and efficiently, which provides the basis for parsing the device correctly. The device descriptor and string descriptors of the USB storage device are analysed and used as the device's unique identifier, providing the basis for identity recognition. The USB boundary protection system designed in this thesis is convenient to install and use. Testing shows that it meets the design requirements. It strengthens supervision of classified computers, non-classified standalone machines and test machines, shifts from the traditional passive handling approach to active protection, reduces asset losses caused by human negligence and similar causes, and raises the level of information security.
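The identity step described in the abstract, as an added example that is not code from the thesis: it parses a USB device descriptor and the serial-number string descriptor, joins them into an identifier and checks it against an allow-list. The identifier format, the function names, the allow-list and the sample descriptors are assumptions constructed for illustration, and the descriptors are assumed to have been read already after the Netlink hot-plug event.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Identity-relevant fields of the 18-byte USB device descriptor. */
struct usb_ident { uint16_t vid, pid, bcd; uint8_t i_serial; };

/* Parse a standard device descriptor (bLength = 18, bDescriptorType = 1). */
int parse_device_desc(const uint8_t *d, size_t n, struct usb_ident *out) {
    if (n < 18 || d[0] != 18 || d[1] != 0x01) return -1;
    out->vid = (uint16_t)(d[8] | d[9] << 8);   /* idVendor, little-endian */
    out->pid = (uint16_t)(d[10] | d[11] << 8); /* idProduct */
    out->bcd = (uint16_t)(d[12] | d[13] << 8); /* bcdDevice */
    out->i_serial = d[16];                     /* iSerialNumber; 0 = no serial */
    return 0;
}

/* Decode a string descriptor (type 3, UTF-16LE); non-ASCII units become '?'. */
int parse_string_desc(const uint8_t *s, size_t n, char *out, size_t cap) {
    if (n < 2 || s[1] != 0x03 || s[0] < 2 || s[0] > n || (s[0] & 1)) return -1;
    size_t j = 0;
    for (size_t i = 2; i + 1 < s[0] && j + 1 < cap; i += 2)
        out[j++] = (s[i + 1] == 0 && s[i] >= 0x20 && s[i] < 0x7f) ? (char)s[i] : '?';
    out[j] = '\0';
    return (int)j;
}

/* Default-deny decision: 1 = identity is on the allow-list, 0 = keep isolated. */
int check_device(const uint8_t *dd, size_t dn, const uint8_t *sd, size_t sn,
                 const char *const *allow, size_t count) {
    struct usb_ident id;
    char serial[64], ident[96];
    if (parse_device_desc(dd, dn, &id) != 0 || id.i_serial == 0) return 0;
    if (parse_string_desc(sd, sn, serial, sizeof serial) <= 0) return 0;
    snprintf(ident, sizeof ident, "%04x:%04x:%04x:%s", id.vid, id.pid, id.bcd, serial);
    for (size_t i = 0; i < count; i++)
        if (strcmp(ident, allow[i]) == 0) return 1;
    return 0;
}

/* Constructed sample data: VID 0x1234, PID 0xabcd, bcdDevice 0x0100, serial "AB12". */
static const uint8_t SAMPLE_DEV[18] = {18, 1, 0x00, 0x02, 0, 0, 0, 64,
    0x34, 0x12, 0xcd, 0xab, 0x00, 0x01, 1, 2, 3, 1};
static const uint8_t SAMPLE_SERIAL[10] = {10, 3, 'A', 0, 'B', 0, '1', 0, '2', 0};
static const char *const ALLOW[] = {"1234:abcd:0100:AB12"};

int main(void) {
    printf("authorized=%d\n", check_device(SAMPLE_DEV, 18, SAMPLE_SERIAL, 10, ALLOW, 1));
    return 0;
}
```

A device whose iSerialNumber is 0 has no serial string and is rejected here; descriptor values are reported by the device itself, so this identifier distinguishes devices but does not authenticate them.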
[Degree-granting institution]: North University of China (中北大学)
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP334.7
Article ID: 2159991
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2159991.html