|
|
论文:2022,Vol:40,Issue(3):530-537 |
|
|
引用本文: |
|
|
张双, 孔德岐, 王元勋, 万欣宇, 姚红静, 郭阳明. 基于虚拟化航电平台的网络域间安全通信技术[J]. 西北工业大学学报 |
|
|
ZHANG Shuang, KONG Deqi, WANG Yuanxun, WAN Xinyu, YAO Hongjing, GUO Yangming. Secure communication technology between network domains based on virtualization avionics platform[J]. Northwestern polytechnical university |
|
|
|
|
|
|
|
| 基于虚拟化航电平台的网络域间安全通信技术 |
|
| 张双1,2, 孔德岐2, 王元勋2, 万欣宇2, 姚红静1, 郭阳明1 |
|
1. 西北工业大学, 陕西 西安 710072;
2. 西安航空计算技术研究所, 陕西 西安 710068 |
| 摘要: |
| 新一代宽体飞机的信息化互联应用场景中,航电系统高安全的飞机控制域和低安全的航空公司信息服务域之间存在大量的实时数据双向交换,其安全隔离与信息流向保护等面临着日益严重的信息安全威胁。为此,建立基于虚拟化的航电双向安全通信架构,构建基于属性的多航电域访问控制模型,提出了合约安全关键数据保护和安全关键组件有效性实时监控设计。基于国产天脉操作系统和航电硬件平台的物理实现与验证结果表明:基于虚拟化的航电双向安全通信方法实现了安全关键组件的空间隔离,ACD网络数据收发时间均小于50 ms,ACD网络的消息收发速率均大于70 Mb/s,满足宽体飞机在航电平台虚拟化下网络域间安全通信性能需求,具有很好的实用价值。 |
| 关键词:
宽体飞机
虚拟化航电平台
网络域间安全通信
信息流访问控制
|
|
| Secure communication technology between network domains based on virtualization avionics platform |
|
| ZHANG Shuang1,2, KONG Deqi2, WANG Yuanxun2, WAN Xinyu2, YAO Hongjing1, GUO Yangming1 |
|
1. Northwestern Polytechnical University, Xi'an 710072, China;
2. Xi'an Aeronautical Computing Technique Research Institute, Xi'an 710068, China |
| Abstract: |
| In the information interconnection scenario of the new generation wide-body aircraft, there is a large amount of real-time bi-directional data exchange between aircraft control domain and airline information services domain in civil aircraft avionics system, and its security isolation and information flow protection are facing increasingly serious information security threats. Therefore, a bi-directional secure communication architecture based on virtualization avionics platform is proposed in this study. The attribute-based access control for multiple avionics domain is modeling and the designs of protection for contract security critical data and real-time monitoring for security critical component effectiveness are given. Physical implementation and verification results based on the domestic ACoreOS operating system and avionics hardware platform show that the bi-directional secure communication method based on virtualization avionics platform achieves the spatial isolation of security critical components, the data transmit and receive time of ACD network is less than 50 ms, and the message transmit and receive rate of ACD network is greater than 70 Mb/s. These results can meet the performance requirements of secure communication between avionics network domains of wide-body aircraft, which have high practical value. |
| Key words:
wide-body aircraft
virtualization avionics platform
secure communication between network domains
information flow access control
|
|
| 收稿日期: 2021-09-03
修回日期:
|
| DOI: 10.1051/jnwpu/20224030530 |
| 基金项目: 航空科学基金(2020Z069031001)资助 |
| 通讯作者: 郭阳明(1978—),西北工业大学教授,主要从事智能测试仿真与信息安全研究。e-mail:yangming_g@nwpu.edu.cn
Email:yangming_g@nwpu.edu.cn |
| 作者简介: 张双(1976—),西北工业大学博士研究生,主要从事航空电子系统和飞机信息安全研究。
|
|
|
|
|
|
|
|
参考文献: |
|
|
[1] 刘绚, 李莉, 张双, 等. 机载网络服务系统航电接口应用软件的研究与设计[J]. 电光与控制, 2015, 22(7): 70-74 LIU Xuan, LI Li, ZHANG Shuang, et al. Design and implementation of an avionics interface application software for onboard network service system[J]. Electronics Optics & Control, 2015, 22(7): 70-74 (in Chinese)
[2] 胡亮, 陈兴蜀, 陈林, 等. IaaS环境下虚拟机无代理通信加密机制[J]. 计算机应用研究,2016, 33(3): 855-859 HU Liang, CHEN Xingshu, CHEN Lin, et al. Agentless communication encryption framework for virtual machine in IaaS environment[J]. Application Research of Computers, 2016, 33(3): 855-859 (in Chinese)
[3] 乔若轩, 吴涛, 杨秋松. 基于微内核的虚拟机间通信加速方法[J]. 计算机系统应用, 2015, 24(11): 140-145 QIAO Ruoxuan, WU Tao, YANG Qiusong. Acceleration method for communication between microkernel based virtual machines[J]. Computer Systems & Applications, 2015, 24(11): 140-145 (in Chinese)
[4] 陈刚,关楠,吕鸣松,等. 实时多核嵌入式系统研究综述[J]. 软件学报, 2018, 29(7): 2152-2176 CHEN Gang, GUAN Nan, LYU Mingsong, et al. State-of-thevart survey of real-time multicore system[J]. Journal of Software, 2018, 29(7): 2152-2176 (in Chinese)
[5] ELMILIGI Haytham, GEBALI Fayez, EL-KHARASHI W Watheq. Multi-dimensional analysis of embedded systems security[J]. Microprocessors and Microsystems, 2016, 41: 29-36
[6] PAULITSCH Michael, DUARTE Oscar Medina, KARRAY Hassen, et al. Mixed-criticality embedded systems-a balance ensuring partitioning and performance[C]//2015 Euromicro Conference on Digital System Design, 2015: 453-461
[7] TAN B, BIGLARI-ABHARI M, SALCIC Z, et al. Towards decentralized system-level security for MPSoC-based embedded applications[J]. Journal of Systems Architecture, 2017, 80: 41-55
[8] KUREK T. Unikernel network functions: a journey beyond the containers[J]. IEEE Communications Magazine, 2019, 57(12):15-19
[9] MAXIME Compastié, RÉMI Badonnel, OLIVIER Festor, et al. From virtualization security issues to cloud protection opportunities: an in-depth analysis of system virtualization models[J]. Computers & Security, 2020, 97: 101905
[10] MENG Shunmei, GAO Zijian, LI Qianmu, et al. Security-driven hybrid collaborative recommendation method for cloud-based IoT services[J]. Computers & Security, 2020, 97: 101950
[11] MORABITO R, COZZOLINO V, DING A Y, et al. Consolidate IoT edge computing with lightweight virtualization[J]. IEEE Network, 2018, 32(1): 102-111 |
|
|
|
|
|
|
|
