摘要
为保障铁路系统的信息安全,文章提出一种铁路运行环境下可信根实体(Entity of Root of Trust,ERT)的软件化技术,在内核中实现强制访问控制功能,通过操作系统内核的修改或扩展,实现更为细粒度和强大的权限管理。同时考虑到轻量级场景下部分设备存在计算能力弱、存储空间有限和电源供应不稳定等问题,提出一种轻量级可信计算体系,最大程度满足可信计算要求。通过实施内核级的强制访问控制和轻量级的可信计算体系改造,缓解未知风险对关键信息基础设施的威胁,为铁路系统的安全性提供保障。
In order to guarantee the information security of railway system,the article proposed a software-based technology of entity of root of Trust(ERT)in railway operation environment,which implemented the mandatory access control function in kernel,and realized a more fine-grained and powerful privilege management through the modification or extension of operating system kernel.Meanwhile,considering the problems of weak computing capability,limited storage space and unstable power supply of some devices in lightweight scenarios,a lightweight trusted computing system is proposed to maximally meet the requirements of trusted computing.Through the implementation of kernel-level mandatory access control and the transformation of the lightweight trusted computing system,the threat of unknown risks to critical infrastructure is mitigated,and a solid guarantee is provided for the security of the railroad system.
作者
王巍
胡永涛
刘清涛
王凯崙
WANG Wei;HU Yongtao;LIU Qingtao;WANG Kailun(School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China;Third Research Institute of the Ministry of Public Security,Shanghai 200031,China;Beijing Railway Communication Technology Center,Beijing 100038,China)
出处
《信息网络安全》
CSCD
北大核心
2024年第5期794-801,共8页
Netinfo Security
基金
国家重点研发计划[2020YFB2103800]
中国国家铁路集团有限公司科技研究开发计划[K2022W005]。
关键词
铁路系统信息安全
ERT可信根实体
强制访问控制
可信计算体系
railway system information security
ERT trusted root entity
mandatory access control
trusted computing system
