摘要
针对机载嵌入式系统实时性要求高、硬件资源受限、数据与任务安全防护薄弱的特点,对基于可信执行环境(TEE)的机载嵌入式数据安全技术展开研究。安全加固防护的对象为机载嵌入式系统中数据全生命周期的3个阶段,即数据存储、数据传输和数据使用的全过程。基于TEE环境特有的数据隔离特性,所提算法将数据存储中的加密算法、数据传输中的签名验签程序、数据使用过程中的敏感数据和敏感应用等与通用执行环境隔离起来,保证了不同任务之间能安全可靠地处理关键数据,并对其中用到的加密算法进行精简,在硬件资源受限的前提下保证了较好的实时性。仿真结果证明,所提算法安全性高,可靠性强,较以往方法效率更优化。
Considering the characteristics of airborne embedded systems,such as high real-time requirements,limited hardware resources and weak data and task security protection,this paper studies TEE-based airborne embedded data security technology.The object of security protection reinforcement is the three stages in the whole life cycle of data in airborne embedded systems,namely,data storage,data transmission and data use.Based on the unique data isolation feature of TEE environment,the encryption algorithm in data storage,the signature checking procedure in data transmission,the sensitive data and applications in data use are isolated from the general execution environment,which ensures the safe and reliable processing of key data between different tasks,and the encryption algorithm used in it is simplified,ensuring better real-time performance under the premise of limited hardware resources.The simulation results show that compared with the previous methods,the proposed algorithm has better safety,reliability and efficiency.
作者
张萌
陈水忠
徐恺
张宗正
ZHANG Meng;CHEN Shuizhong;XU Kai;ZHANG Zongzheng(National Key Laboratory of Space Based Information Perception and Fusion,Luoyang 471000,China;Luoyang Institute of Electro-Optical Equipment,AVIC,Luoyang 471000,China)
出处
《电光与控制》
CSCD
北大核心
2024年第1期87-91,共5页
Electronics Optics & Control
