为保障铁路系统的信息安全,文章提出一种铁路运行环境下可信根实体(Entity of Root of Trust,ERT)的软件化技术,在内核中实现强制访问控制功能,通过操作系统内核的修改或扩展,实现更为细粒度和强大的权限管理.同时考虑到轻量级场景下部分设备存在计算能力弱、存储空间有限和电源供应不稳定等问题,提出一种轻量级可信计算体系,最大程度满足可信计算要求.通过实施内核级的强制访问控制和轻量级的可信计算体系改造,缓解未知风险对关键信息基础设施的威胁,为铁路系统的安全性提供保障.
Research on Softwaization Techniques for ERT Trusted Root Entity in Railway Operation Environment
In order to guarantee the information security of railway system,the article proposed a software-based technology of entity of root of Trust(ERT)in railway operation environment,which implemented the mandatory access control function in kernel,and realized a more fine-grained and powerful privilege management through the modification or extension of operating system kernel.Meanwhile,considering the problems of weak computing capability,limited storage space and unstable power supply of some devices in lightweight scenarios,a lightweight trusted computing system is proposed to maximally meet the requirements of trusted computing.Through the implementation of kernel-level mandatory access control and the transformation of the lightweight trusted computing system,the threat of unknown risks to critical infrastructure is mitigated,and a solid guarantee is provided for the security of the railroad system.
railway system information securityERT trusted root entitymandatory access controltrusted computing system
万方数据
维普
