摘要
铁路客票系统属于国家关键信息基础设施,其运行安全关乎国家安全和人民安全。通过将主机上的访问行为映射到网络层面,提出对网络行为进行5×5要素界定的访问控制体系,以此解除对操作系统的依赖,实现对传输控制协议/网际协议(TCP/IP)5层模型全覆盖。将此思想应用于铁路客票系统,能在特定的网络服务点施行访问控制,并对不同的层次执行强度不同的访问控制,还可以在底层检测出某些非法的访问行为,避免后续操作,从而节省计算和内存资源,提升网络性能,并保证了铁路客票系统的威胁可追溯性、数据机密性以及程序完整性。
The railway ticket system belongs to the country’s key information infrastructure, and its safe operation is related to national and people’s security. By mapping the access behavior on the host to the network level, an access control system that defines the network behavior by 5×5 elements is proposed. In this way, the dependence on the operating system is relieved, and the full coverage of the TCP/IP(Transmission Control Protocol/Internet Protocol) five-layer model is realized. Applying this idea to the railway ticket system can implement access control at specific network service points, and perform mandatory access control with different strengths at different levels. It can also detect some illegal access behaviors at the bottom layer and avoid its subsequent operations, thereby saving calculations, memory resources, improving network performance, and ensuring the threat traceability, data confidentiality and program integrity of the railway ticket system.
作者
姚倩
宋晶
戚建淮
YAO Qian;SONG Jing;QI Jianhuai(China Railway Chengdu Group Co.,Ltd.,Chengdu Sichuan 610081,China;Southwest Jiaotong University,Chengdu Sichuan 610031,China)
出处
《通信技术》
2022年第1期122-126,共5页
Communications Technology
关键词
强制访问控制
网络行为
铁路客票系统
编码赋码
5×5要素界定
mandatory access control
network behavior
railway ticket system
code assignment
5×5 elements definition
