| 摘要 |
A security apparatus positioned between at least one domain having a level of trust or of sensitivity A and at least one domain having a level of trust or sensitivity B, bearing in mind that the level A is different from the level B, comprises a virtualization software layer V implemented on the physical layer H and positioned between said physical layer H and at least one set consisting of at least three different compartmentalized blocks having different sensitivity levels, BLA, BLB, MDS. The compartmentalized blocks rest on the physical layer H and the virtualization layer and the blocks include at least one of: a network block A, BLA, comprising all the network functions used to process data of security level A, a network block B, BLB, comprising all the network functions used to process data of security level B, and a security module software block, MDS, or airlock positioned between at least one block of BLA type and at least one block of BLB type, said security module being designed to monitor the exchanges of data between said blocks BLA and BLB, said security module comprising all the security, filtering or cryptographic function transformations.
|
