To satisfy the interconnection requirements of classified information system, defining different security domains can make each domain’s responsibility very clearly. We propose a method that is helpful to select proper security domain boundary protection policy and exchange information between different security domains. Then we propose a method to protect the boundary of security domains based on interface segregation and uniifcation, this method can decrease the cost of classiifed information system’s management and enhance the security of classiifed information system.%针对当前涉密系统互联互通需求,将涉密信息系统不同的安全域进行划分能够明确不同安全域的边界和各个安全域的职责。文章提出一种划分方式,这种划分有助于选择适当的安全域边界防护策略和安全域间的信息交换的进行。接着提出一种基于接口分离和归一化的安全域边界防护方法,降低涉密信息系统的安全保密管理成本,增强涉密信息系统的安全性。
展开▼