Design and Implementation of a USB Boundary Protection System Based on Identity Recognition
Published: 2018-08-02 16:17
[Abstract]: The rapid development of high technology and informatization has deeply affected every field of society. Government departments and research institutes attach ever more importance to information and data, treating data as the core basis for daily operations and decision-making. With its convenient "plug and play" character, USB has long been the universal standard for the interface between computers and peripherals, and it carries much of the burden of data exchange. In classified (secrecy-related) units, computer peripherals with USB interfaces are also widely used because they are convenient and easy to use. While USB devices facilitate research and production, they also bring considerable hidden risks to secrecy work. In recent years, loss and leakage of secrets caused by improper use of USB flash drives in classified units have occurred from time to time. To address this, the relevant state departments have vigorously promoted "three-in-one" and similar products in classified units, which has greatly reduced such incidents. However, the deployment of "three-in-one" and similar products still has many problems, and they cannot control the improper use of USB devices at the root. Starting from the requirements, this work designs and develops an identity-recognition-based USB boundary protection system, intended to solve the problems in the current management of USB storage devices. Taking the USB boundary protection system as an example, and on the basis of a full understanding of the design requirements, the thesis carries out the design and development of the system in two parts, hardware and software. In the hardware design, following the design requirements, the high-performance Samsung Exynos4412 quad-core Cortex-A9 processor is selected as the core controller, and the high-performance HD3SS6126 passive switch is selected as the core switch of the control circuit. With the core hardware decided, the circuit schematic of the USB boundary protection system is completed. In the software design, drivers for the switch, the LEDs and other components are developed following the GPIO driver development flow. Netlink hotplug monitoring is used to detect USB devices connected to the system quickly, accurately and efficiently, which provides the basis for parsing the device correctly. The device descriptor and string descriptor of the USB storage device are analyzed and used as the unique identifier of the device, providing the basis for identity recognition. The USB boundary protection system designed in this thesis is convenient to install and use, and testing shows that it meets the design requirements. It strengthens the supervision of classified computers, non-classified standalone machines and test machines, changes the traditional passive handling approach into active protection, reduces asset losses caused by human negligence and similar factors, and raises the level of information security.
[Degree-granting institution]: North University of China (中北大学)
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP334.7
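As an added illustration (not code from the thesis), the sketch below shows one way the two software steps named in the abstract could fit together: reading a Netlink hotplug uevent, then deriving a device identity from the device descriptor and the serial-number string descriptor and checking it against an allowlist. The `vid:pid:serial` identity format, the allowlist, all function names and the sample bytes are assumptions; the abstract does not say which descriptor fields the thesis uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Look up KEY in a kernel uevent payload: NUL-separated "KEY=value" strings. */
static const char *uevent_get(const char *buf, size_t len, const char *key) {
    size_t klen = strlen(key);
    if (len == 0 || buf[len - 1] != '\0') return NULL;   /* must be terminated */
    for (size_t i = 0; i < len; i += strlen(buf + i) + 1)
        if (!strncmp(buf + i, key, klen) && buf[i + klen] == '=')
            return buf + i + klen + 1;
    return NULL;
}

/* Build "vid:pid:serial"; -1 if malformed or iSerialNumber is 0 (not unique). */
static int usb_identity(const uint8_t *dev, size_t dlen, const uint8_t *str,
                        size_t slen, char *out, size_t outsz) {
    if (dlen < 18 || dev[0] != 18 || dev[1] != 1 || dev[16] == 0) return -1;
    if (slen < 4 || str[0] < 4 || str[0] > slen || (str[0] & 1) || str[1] != 3) return -1;
    unsigned vid = dev[8] | dev[9] << 8, pid = dev[10] | dev[11] << 8;  /* little-endian */
    int n = snprintf(out, outsz, "%04x:%04x:", vid, pid);
    if (n < 0 || (size_t)n >= outsz) return -1;
    for (size_t i = 2; i < str[0]; i += 2) {   /* UTF-16LE, printable ASCII only */
        if (str[i + 1] || str[i] < 0x21 || str[i] > 0x7e || (size_t)n + 1 >= outsz) return -1;
        out[n++] = (char)str[i];
    }
    out[n] = '\0';
    return 0;
}

/* 1 only for an "add" event on the usb subsystem whose identity is allowlisted. */
static int allow_device(const char *uev, size_t ulen, const uint8_t *dev,
                        size_t dlen, const uint8_t *str, size_t slen,
                        const char *const *allow, size_t nallow) {
    const char *act = uevent_get(uev, ulen, "ACTION");
    const char *sub = uevent_get(uev, ulen, "SUBSYSTEM");
    char id[64];
    if (!act || !sub || strcmp(act, "add") || strcmp(sub, "usb")) return 0;
    if (usb_identity(dev, dlen, str, slen, id, sizeof id)) return 0;
    for (size_t i = 0; i < nallow; i++)
        if (!strcmp(id, allow[i])) return 1;
    return 0;
}
/* Constructed sample data, not taken from the thesis. */
static const char UEV[] = "add@/devices/usb1/1-1\0ACTION=add\0SUBSYSTEM=usb\0DEVTYPE=usb_device";
static const uint8_t DEV[18] = {18,1, 0x00,0x02, 0,0,0,64, 0x34,0x12, 0x78,0x56, 0,1, 1,2,3, 1};
static const uint8_t SER[] = {10,3, 'A',0, 'B',0, '1',0, '2',0};
static const char *const ALLOW[] = {"1234:5678:AB12"};
int main(void) {   /* exits 0 when the sample device is allowed */
    return !allow_device(UEV, sizeof UEV, DEV, sizeof DEV, SER, sizeof SER, ALLOW, 1);
}
```

A device that reports no serial number is rejected here because vendor and product IDs alone are shared by every unit of the same model.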
Article ID: 2159991
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2159991.html