物理隔离脆弱性分析及对策

针对“网震”和“斯诺登”事件物理隔离存在边界安全被突破的事实，其能否起到真正安全隔离作用成为重点关注的问题。文章介绍了物理隔离的三个实现技术及其2个演化进程并对每一个进程做个安全性分析，指出了目前物理隔离存在的安全问题，给出了建立新型物理隔离边界安全防护的建议是建立全局文件交换管理体系、统一文件交换格式、建立物理电磁泄漏发射防护要求、防内存泄漏等，进而提出基于单向导入技术和量子密码技术物理隔离新的组网方式并分析了适用场景，提出了安全隔离和信息交换系统应解决的一系列问题，指出新兴密码技术对物理隔离是一个终结挑战。希望文章的研究结果能对网络边界安全防护工作的进一步开展起到积极的重大推动作用。

Analysis of Physics Isolation Vulnerability and Its Countermeasure

In view of the “Stuxnet” and “Snowden” events, physical isolation exists the fact that network security perimeter has been broken,and its real security isolation effect arouse bitter controversy. This paper introduces three implementation technology approaches and two evolution processes of physical isolation and make safety analysis of each process. Some proposals related to physical isolation security problems are discussed;for instance, to establish global file exchange management system, to unify file exchange format, to establish electromagnetic compromising emanation protection requirements and to prevent memory information leakage. The network connection new methods based on one-way input technology and quantum cryptography are proposed, and its applicable occasions are analyzed. Problems to be solved on security segregation and information-exchanging product are proposed and emerging cryptology technology will be the end of physical isolation. It hope that the research results to the further development of network security perimeter protection work play a positive role.