Research on Security Assurance of Operating System for IMA
  • English title: Research on Security Assurance of Operating System for IMA
  • Authors: 黄凡帆; 周霆; 张灯
  • Authors (English): HUANG Fan-fan; ZHOU Ting; ZHANG Deng; Xi'an Aeronautics Computing Technique Research Institute, AVIC
  • Keywords: secure run-time; secure boot; digital signature; symmetric encryption
  • Chinese journal title: HKJJ
  • English journal title: Aeronautical Computing Technique
  • Institution: Xi'an Aeronautics Computing Technique Research Institute, AVIC
  • Publication date: 2018-07-25
  • Publisher: Aeronautical Computing Technique
  • Year: 2018
  • Issue: v.48; No.205
  • Funding: Supported by the Equipment Pre-research Joint Fund (6141B05060401)
  • Language: Chinese
  • Page: HKJJ201804029
  • Number of pages: 3
  • CN: 04
  • ISSN: 61-1276/TP
  • Classification number: 116-118
Abstract
Avionics systems are currently shifting from federated to integrated architectures and will become highly integrated in the future. In an integrated modular avionics (IMA) system, applications with different functions are integrated on the same physical processing platform and, in network-centric warfare scenarios, must interconnect with the outside world to share information. As a result, airborne embedded software faces information security threats throughout its operational life cycle, across the installation, start-up, run-time and restart phases. To address this, a software solution is proposed that relies on digital signature mechanisms and symmetric encryption to design secure boot, secure run-time and secure storage modules, ensuring platform integrity and data confidentiality from system power-up to shutdown. The potential limitations of the solution are analyzed, and an improved reference solution is given.
