信息网络安全 ›› 2024, Vol. 24 ›› Issue (5): 794-801.doi: 10.3969/j.issn.1671-1122.2024.05.012

• 技术研究 • 上一篇    下一篇

铁路运行环境下ERT可信根实体的软件化技术研究

王巍1(), 胡永涛2, 刘清涛3, 王凯崙1   

  1. 1.北京交通大学计算机与信息技术学院,北京 100044
    2.公安部第三研究所,上海 200031
    3.北京铁路通信技术中心,北京 100038
  • 收稿日期:2024-01-04 出版日期:2024-05-10 发布日期:2024-06-24
  • 通讯作者: 王巍 E-mail:wanwe000@163.com
  • 作者简介:王巍(1979—),男,河北,博士研究生,主要研究方向为网络和信息安全|胡永涛(1976—),男,浙江,研究员,硕士,CCF会员,主要研究方向为网络安全、密码学应用、数据安全|刘清涛(1981—),男,北京,高级工程师,硕士,主要研究方向为铁路通信系统有线通信、GSM-R铁路专用移动通信系统、网络安全|王凯崙(1998—),男,北京,博士研究生,主要研究方向为数据安全
  • 基金资助:
    国家重点研发计划(2020YFB2103800);中国国家铁路集团有限公司科技研究开发计划(K2022W005)

Research on Softwaization Techniques for ERT Trusted Root Entity in Railway Operation Environment

WANG Wei1(), HU Yongtao2, LIU Qingtao3, WANG Kailun1   

  1. 1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
    2. Third Research Institute of the Ministry of Public Security, Shanghai 200031, China
    3. Beijing Railway Communication Technology Center, Beijing 100038, China
  • Received:2024-01-04 Online:2024-05-10 Published:2024-06-24
  • Contact: WANG Wei E-mail:wanwe000@163.com

摘要:

为保障铁路系统的信息安全,文章提出一种铁路运行环境下可信根实体(Entity of Root of Trust,ERT)的软件化技术,在内核中实现强制访问控制功能,通过操作系统内核的修改或扩展,实现更为细粒度和强大的权限管理。同时考虑到轻量级场景下部分设备存在计算能力弱、存储空间有限和电源供应不稳定等问题,提出一种轻量级可信计算体系,最大程度满足可信计算要求。通过实施内核级的强制访问控制和轻量级的可信计算体系改造,缓解未知风险对关键信息基础设施的威胁,为铁路系统的安全性提供保障。

关键词: 铁路系统信息安全, ERT可信根实体, 强制访问控制, 可信计算体系

Abstract:

In order to guarantee the information security of railway system, the article proposed a software-based technology of entity of root of Trust(ERT) in railway operation environment, which implemented the mandatory access control function in kernel, and realized a more fine-grained and powerful privilege management through the modification or extension of operating system kernel. Meanwhile, considering the problems of weak computing capability, limited storage space and unstable power supply of some devices in lightweight scenarios, a lightweight trusted computing system is proposed to maximally meet the requirements of trusted computing. Through the implementation of kernel-level mandatory access control and the transformation of the lightweight trusted computing system, the threat of unknown risks to critical infrastructure is mitigated, and a solid guarantee is provided for the security of the railroad system.

Key words: railway system information security, ERT trusted root entity, mandatory access control, trusted computing system

中图分类号: