CN104486300B - Aviation exchange system and method based on virtual machine - Google Patents

Publication number: CN104486300B
Authority: CN (China)
Application number: CN201410714131.6A
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104486300A (en)
Inventors: 崔西宁, 周银萍, 戴小氐, 李亚晖, 张志为, 王宁, 张树兵, 习宁, 韩春阳
Current assignee: Xidian University; AVIC No 631 Research Institute
Original assignee: Xidian University; AVIC No 631 Research Institute
Application filed by: Xidian University; AVIC No 631 Research Institute


Classifications

    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F9/45504: Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • H04B7/1851: Systems using a satellite or space-based relay
    • H04L63/123: Applying verification of the received information: received data contents, e.g. message integrity

Abstract

The invention belongs to the technical field of computer system software, and in particular relates to an aviation exchange system and method based on virtual machines. The system comprises an aircraft network system, a virtual interaction system and a ground system; the virtual interaction system comprises virtual machines, a security module and a management virtual machine. In this system, the security module authenticates the original message and the Biba model is used to verify the integrity of the original message, which achieves secure communication between the aircraft network system and the ground system and among the domains of the aircraft network system.

Description

Aviation exchange system and method based on virtual machine
Technical field
The invention belongs to the technical field of computer system software and relates to systems and methods for secure communication between entities of different security levels across the multiple domains of an avionics system, and in particular to an aviation exchange system and method based on virtual machines.
Background
An integrated avionics system is usually divided into multiple domains whose security levels differ. The security of inter-domain communication and of communication between each domain and the ground therefore becomes particularly important, and has attracted wide attention both in China and abroad. In a highly integrated avionics system, a large number of entities of different security levels communicate with one another, which poses a considerable challenge to the communication security of the avionics system.
In the traditional approach, communication between each domain and the ground system, and between domains, is divided into VLANs according to the security levels of the information sender and the information receiver. That is, subjects and objects of the same security level are placed in the same VLAN; for example, subjects and objects whose security level is secret are placed in the secret VLAN. The benefit is that complicated access control policies are avoided, so communication is relatively simple. The drawback is that communication between subjects and objects of different security levels is severely constrained, which hinders the exchange of information.
Therefore, the traditional communication mode cannot meet the security requirements of inter-domain communication and of communication between each domain and the ground in today's integrated avionics systems.
Summary of the invention
To solve the problems described in the background, the invention proposes an aviation exchange system and method based on virtual machines, which achieves secure communication between the aircraft network system and the ground system and also secure communication between entities of different security levels across the multiple domains of the aircraft network system.
The technical solution of the invention is as follows:
An aviation exchange system based on virtual machines, characterized in that it comprises an aircraft network system, a virtual interaction system and a ground system; the aircraft network system and the ground system communicate with each other through the virtual interaction system;
The virtual interaction system comprises virtual machines, a security module and a management virtual machine;
The management virtual machine receives the information to be exchanged and sends it to the security module;
The security module performs encryption/decryption, authentication, firewall, access control and integrity verification on the information to be exchanged;
The virtual machines enable information of different security levels to be communicated between the domains of the aircraft network system.
Based on the above system, a method for information exchange between the aircraft network system and the ground system is proposed, characterized in that it comprises the following steps:
1) Communication starts: the aircraft network system encrypts the original message and sends it to the management virtual machine of the virtual interaction system;
2) The management virtual machine calls the security module to authenticate the original message and verify its integrity;
2.1) Authentication of the original message;
2.1.1) The aircraft network system performs an operation on the original message to be sent and obtains the digital digest MD;
2.1.2) The aircraft network system encrypts the digital digest MD with its own private key PVA to obtain the digital signature DS;
2.1.3) The aircraft network system encrypts the original message, the digital signature DS and the public key PBA of the aircraft network system certificate with a symmetric key, obtaining the encrypted information E;
2.1.4) The aircraft network system encrypts the symmetric key SK with the public key PBB of the ground system, forming the digital envelope DE;
2.1.5) The aircraft network system sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine;
2.1.6) After receiving the digital envelope DE, the ground system decrypts it with its own private key PVB and extracts the symmetric key SK;
2.1.7) The ground system decrypts the encrypted information E with the symmetric key SK, recovering the original message, the digital signature DS and the public key PBA of the sender's Closed-domain certificate;
2.1.8) The ground system verifies the digital signature DS: it first decrypts the digital signature with the public key of the aircraft network system to obtain the digital digest MD;
2.1.9) At the same time, the ground system applies to the original message the same operation as in step 2.1.1) and obtains a new digital digest MD'; the two digests MD and MD' are compared to verify whether the original text has been changed;
If MD and MD' are equal, the data has not been tampered with and the original message was transmitted securely, and step 2.2) is performed; otherwise the signature is rejected, the original message is considered not to have been transmitted securely, and transmission of the information is refused;
2.2) The integrity of the original message is verified using the Biba model; if verification succeeds, step 3) is performed; if verification fails, transmission of the information is refused;
3) The management virtual machine sends the original message to the ground system, and the communication ends.
Based on the above system, a method for information exchange between the domains of the aircraft network system is proposed, characterized in that it comprises the following steps:
1) Communication starts: the sender domain encrypts the original message and sends it to the virtual machine of the virtual interaction system;
2) After receiving the original message, the virtual machine determines whether the security levels of the sender domain and the receiver domain match;
If they match, step 3) is performed;
If they do not match, the virtual machine raises or lowers the security level so that the security levels of the sender domain and the receiver domain match, and then step 3) is performed;
3) The virtual machine sends the original message to the management virtual machine, and the management virtual machine calls the security module to authenticate the original message and verify its integrity;
3.1) Authentication of the original message;
3.1.1) The sender domain performs an operation on the original message to be sent and obtains the digital digest MD;
3.1.2) The sender domain encrypts the digital digest MD with its own private key PVA to obtain the digital signature DS;
3.1.3) The sender domain encrypts the original message, the digital signature DS and the public key PBA of the sender domain system certificate with a symmetric key, obtaining the encrypted information E;
3.1.4) The sender domain encrypts the symmetric key SK with the public key PBB of the ground system, forming the digital envelope DE;
3.1.5) The sender domain sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine;
3.1.6) After receiving the digital envelope DE, the receiver domain decrypts it with its own private key PVB and extracts the symmetric key SK;
3.1.7) The receiver domain decrypts the encrypted information E with the symmetric key SK, recovering the original message, the digital signature DS and the public key PBA of the sender's Closed-domain certificate;
3.1.8) The receiver domain verifies the digital signature DS: it first decrypts the digital signature with the public key of the sender domain to obtain the digital digest MD;
3.1.9) At the same time, the receiver domain applies to the original message the same operation as in step 3.1.1) and obtains a new digital digest MD'; the two digests MD and MD' are compared to verify whether the original text has been changed;
If MD and MD' are equal, the data has not been tampered with and the original message was transmitted securely, and step 3.2) is performed;
Otherwise the signature is rejected, the original message is considered not to have been transmitted securely, and transmission of the information is refused;
3.2) The integrity of the original message is verified using the Biba model; if verification succeeds, step 4) is performed;
If verification fails, transmission of the information is refused;
4) The management virtual machine sends the original message to the receiver domain, and the communication ends.
The above domains comprise a closed domain, a private domain and an open domain. The closed domain is used to ensure flight safety; the private domain provides services for aircraft operation or passenger access requirements that are unrelated to flight safety; the open domain provides open network services to passengers;
Three virtual machines are provided, in one-to-one correspondence with the three domains.
The advantages of the invention are:
1. The system structure of the invention achieves secure communication between the aircraft network system and the ground system, and among the domains of the aircraft network system, in today's integrated avionics systems.
2. The invention uses the security module to authenticate the information of the sender and the receiver of a communication, which greatly improves communication security.
3. The invention uses the easy controllability of virtual machines to implement the security of inter-domain communication. Virtual machine technology effectively shields the heterogeneity and dynamics of the platform, so that resources are shared and reused to the greatest extent, operation is more flexible, and change management is simplified.
4. The invention uses the Biba model to verify the integrity of files, which greatly improves the reliability of the verification result.
Description of the drawings
Fig. 1 is a structural diagram of the aviation exchange system of the invention;
Fig. 2 is a schematic diagram of the aircraft network system;
Fig. 3 is a schematic diagram of BLP access control;
Fig. 4 is a schematic diagram of Biba access control.
Specific embodiments
The invention is implemented on the basis of an aviation exchange system built on virtual machines, which comprises an aircraft network system, a virtual interaction system and a ground system;
The aircraft network system and the ground system communicate with each other through the virtual interaction system. The virtual interaction system comprises virtual machines, a security module and a management virtual machine. The management virtual machine receives the information to be exchanged and sends it to the security module. The security module performs encryption/decryption, authentication, firewall, access control and integrity verification on the information to be exchanged. The virtual machines enable information of different security levels to be communicated between the domains of the aircraft network system.
As shown in Fig. 2, a commercial aircraft network system is currently divided mainly into three regions: the closed domain (Closed), the private domain (Private) and the open domain (Public). The Closed domain represents the safety-critical avionics system and the cockpit management system; the Private domain represents the airline operation systems, the cabin crew terminal systems, etc.; the Public domain represents the open network services provided to passengers. In the figure, CNS represents the air traffic control system (communication, navigation, surveillance), Aircraft control represents aircraft control, Cabin services represents cabin services, SATCOM represents satellite communication, Crew terminals represents crew terminals, Information services represents information services, Broad band represents broadband transmission, External 802.11 represents the external 802.11 protocol, Internal 802.11 represents the internal 802.11 protocol, Crew devices represents crew equipment, In-flight entertainment represents in-flight entertainment, and Passenger Devices represents passenger devices.
Note that each domain has one corresponding virtual machine: according to Fig. 1, the closed domain corresponds to virtual machine 1, the private domain to virtual machine 2, and the open domain to virtual machine 3. The security levels of the domains differ, so communication among them is relatively complex. Inter-domain communication must be controlled accordingly, so that the domains remain independent of one another while the communication between them stays secure.
First, the method of information exchange between the aircraft network system and the ground system is described, taking the information exchange between the closed domain and the ground system as the example:
1) Communication starts: the closed domain encrypts the original message and sends it to the management virtual machine of the virtual interaction system;
2) The management virtual machine calls the security module to authenticate the original message and verify its integrity;
2.1) Authentication of the original message;
2.1.1) The closed domain performs a hash operation on the original message to be sent and obtains a hash value, which is the digital digest MD;
2.1.2) The closed domain encrypts the digital digest MD with its own private key PVA (PVA denotes the private key of A, taking the letters p and v of "private") using the asymmetric RSA algorithm, obtaining the digital signature DS;
2.1.3) The closed domain encrypts the original message, the digital signature DS and the public key PBA of the closed-domain certificate (PBA denotes the public key of A, taking the letters p and b of "public") with a symmetric key using a symmetric algorithm, obtaining the encrypted information E;
2.1.4) The closed domain encrypts the symmetric key SK with the public key PBB of the ground system (PBB denotes the public key of B, taking the letters p and b of "public") using the RSA algorithm, forming the digital envelope DE;
2.1.5) The closed domain sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine;
2.1.6) After receiving the digital envelope DE, the ground system decrypts it with its own private key PVB and extracts the symmetric key SK;
2.1.7) The ground system decrypts the encrypted information E with the symmetric key SK using the DES algorithm, recovering the original message, the digital signature DS and the public key PBA of the sender's Closed-domain certificate;
2.1.8) The ground system verifies the digital signature DS: it first decrypts the digital signature with the public key of the closed domain to obtain the digital digest MD;
2.1.9) At the same time, the ground system applies to the original message the same operation as in step 2.1.1) and obtains a new digital digest MD'; the two digests MD and MD' are compared to verify whether the original text has been changed;
If MD and MD' are equal, the data has not been tampered with and the original message was transmitted securely, and step 2.2) is performed; otherwise the signature is rejected, the original message is considered not to have been transmitted securely, and transmission of the information is refused;
2.2) The integrity of the original message is verified using the Biba model; if verification succeeds, step 3) is performed; if verification fails, transmission of the information is refused;
3) The management virtual machine sends the original message to the ground system, and the communication ends.
The secure communication flow between each of the other domains and the ground system is the same as that between the closed domain and the ground system described above.
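The following Go program is an added example, not part of the patent text; it walks steps 2.1.1) to 2.1.9) end to end, sender side and receiver side. It assumes SHA-256 for the digest, RSA-PSS and RSA-OAEP in place of raw RSA encryption, and AES-256-GCM in place of the DES algorithm named in step 2.1.7). The function names, and the rule that the PBA carried inside E is accepted only if it equals a key the receiver already trusts, are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrUntrustedSender = errors.New("embedded PBA is not a trusted sender key")
var ErrBadSignature = errors.New("DS does not match the recomputed digest MD'")

type payload struct{ Msg, DS, PBA []byte } // plaintext of E: message, DS, sender key PBA
type Sealed struct{ E, DE []byte }         // what crosses the management VM

// Seal is the sender side, steps 2.1.1 to 2.1.4.
func Seal(msg []byte, pva *rsa.PrivateKey, pbb *rsa.PublicKey) (*Sealed, error) {
	md := sha256.Sum256(msg)                                            // 2.1.1: MD
	ds, err := rsa.SignPSS(rand.Reader, pva, crypto.SHA256, md[:], nil) // 2.1.2: DS
	if err != nil {
		return nil, err
	}
	plain, err := json.Marshal(payload{msg, ds, x509.MarshalPKCS1PublicKey(&pva.PublicKey)})
	if err != nil {
		return nil, err
	}
	sk := make([]byte, 32) // fresh 256-bit SK for this message only
	if _, err := rand.Read(sk); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(sk)  // cannot fail: SK is 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has 16-byte blocks
	// An all-zero nonce is acceptable only because SK never encrypts a second message.
	e := gcm.Seal(nil, make([]byte, gcm.NonceSize()), plain, nil)       // 2.1.3: E
	de, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pbb, sk, nil) // 2.1.4: DE
	if err != nil {
		return nil, err
	}
	return &Sealed{E: e, DE: de}, nil
}

// verify is steps 2.1.8 and 2.1.9: recompute MD' and check DS against it.
func verify(p payload, trustedPBA *rsa.PublicKey) ([]byte, error) {
	// Trust the embedded key only if it equals one the receiver already holds (assumption).
	if !bytes.Equal(p.PBA, x509.MarshalPKCS1PublicKey(trustedPBA)) {
		return nil, ErrUntrustedSender
	}
	md := sha256.Sum256(p.Msg)
	if rsa.VerifyPSS(trustedPBA, crypto.SHA256, md[:], p.DS, nil) != nil {
		return nil, ErrBadSignature
	}
	return p.Msg, nil
}

// Open is the receiver side, steps 2.1.6 to 2.1.9.
func Open(s *Sealed, pvb *rsa.PrivateKey, trustedPBA *rsa.PublicKey) ([]byte, error) {
	sk, err := rsa.DecryptOAEP(sha256.New(), nil, pvb, s.DE, nil) // 2.1.6: SK
	if err != nil {
		return nil, fmt.Errorf("open envelope: %w", err)
	}
	block, err := aes.NewCipher(sk) // rejects an SK of the wrong length
	if err != nil {
		return nil, fmt.Errorf("bad SK: %w", err)
	}
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, make([]byte, gcm.NonceSize()), s.E, nil) // 2.1.7
	if err != nil {
		return nil, fmt.Errorf("decrypt E: %w", err)
	}
	var p payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return nil, err
	}
	return verify(p, trustedPBA)
}

// newKey returns a 2048-bit RSA key pair and panics if the system RNG fails.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	pva, pvb := newKey(), newKey() // sender (PVA, PBA) and receiver (PVB, PBB)
	s, _ := Seal([]byte("constructed sample message"), pva, &pvb.PublicKey)
	msg, err := Open(s, pvb, &pva.PublicKey)
	fmt.Printf("%q %v\n", msg, err)
}
```

Because the sender's public key travels inside E, a receiver that used it without comparing it to a known key would accept a message signed by anyone; the pinned-key comparison in verify closes that gap.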
Next, the method of information exchange between the domains of the aircraft network system is described, taking the information exchange between the closed domain and the private domain as the example:
1) Communication starts: the sender domain (closed domain) encrypts the original message and sends it to the virtual machine (virtual machine 1) of the virtual interaction system;
2) After receiving the original message, the virtual machine (virtual machine 1) determines whether the security levels of the sender domain (closed domain) and the receiver domain (private domain) match; if they match, step 3) is performed; if they do not match, the virtual machine performs the corresponding processing and then step 3) is performed;
3) The virtual machine (virtual machine 1) sends the original message to the management virtual machine, and the management virtual machine calls the security module to authenticate the original message and verify its integrity;
3.1) Authentication of the original message;
3.1.1) The sender domain (closed domain) performs a hash operation on the original message to be sent and obtains a hash value, which is the digital digest MD;
3.1.2) The sender domain (closed domain) encrypts the digital digest MD with its own private key PVA using the asymmetric RSA algorithm, obtaining the digital signature DS;
3.1.3) The sender domain (closed domain) encrypts the original message, the digital signature DS and the public key PBA of the sender domain system certificate with a symmetric key, obtaining the encrypted information E;
3.1.4) The sender domain (closed domain) encrypts the symmetric key SK with the public key PBB of the receiver domain (private domain) using the RSA algorithm, forming the digital envelope DE;
3.1.5) The sender domain (closed domain) sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine (virtual machine 1);
3.1.6) After receiving the digital envelope DE, the receiver domain (private domain) decrypts it with its own private key PVB and extracts the symmetric key SK;
3.1.7) The receiver domain (private domain) decrypts the encrypted information E with the symmetric key SK using the DES algorithm, recovering the original message, the digital signature DS and the public key PBA of the sender's Closed-domain certificate;
3.1.8) The receiver domain (private domain) verifies the digital signature DS: it first decrypts the digital signature with the public key of the sender domain (closed domain) to obtain the digital digest MD;
3.1.9) At the same time, the receiver domain (private domain) applies to the original message the same operation as in step 3.1.1) and obtains a new digital digest MD'; the two digests MD and MD' are compared to verify whether the original text has been changed;
If MD and MD' are equal, the data has not been tampered with and the original message was transmitted securely, and step 3.2) is performed;
Otherwise the signature is rejected, the original message is considered not to have been transmitted securely, and transmission of the information is refused;
3.2) The integrity of the original message is verified using the Biba model; if verification succeeds, step 4) is performed; if verification fails, transmission of the information is refused;
4) The management virtual machine sends the original message to the receiver domain (private domain), and the communication ends.
The secure communication flow between the other domains is similar to that between the closed domain and the private domain described above.
Here, the models used for information integrity verification in the above methods need to be explained:
The access control of the aviation exchange system is divided by permission level into several classes such as top secret, secret, confidential and public. The BLP model was proposed and refined by D. Bell and J. LaPadula in 1973 in "Mathematical foundations and model". It was designed according to military security policy, and the essential problem it solves is access control for information that is divided by classification level. It was the first mathematical model to give a rigorous proof of system security using a fairly complete formal method, and it is widely used to describe the security problems of computer systems. The BLP model strictly constrains users to access information according to their own classification level. In the BLP model, a classification level is any element of the set {top secret, secret, confidential, public}, and this set is totally ordered: top secret > secret > confidential > public. The set of security attributes forms a lattice that satisfies a partial order, and this partial order is called the dominance (Dominate) relation. The BLP model assigns each user in the system a security attribute (also called a sensitivity level), which reflects the degree of trust that the user will not leak sensitive information to users who do not hold the corresponding security attribute. Processes activated by the user are granted the same security attribute. The BLP model also assigns each object in the system a security attribute, which reflects the sensitivity of the information in the object and the potential threat caused by unauthorized disclosure of that information to users who are not allowed to access it.
In the BLP model, access by a subject to an object must satisfy the following two rules, as in Fig. 3:
1. Simple security rule: a subject is allowed to read an object only when the subject's sensitivity level is not lower than the object's sensitivity level and the subject's category set contains the object's category set. That is, a subject can only read objects whose classification level is equal to or lower than its own: it can read down but cannot read up;
2. Star rule: a subject is allowed to write an object only when the subject's sensitivity level is not higher than the object's sensitivity level and the object's category set contains the subject's category set. That is, a subject can only write objects whose classification level is equal to or higher than its own: it can write up but cannot write down.
These two rules guarantee a one-way flow of information: information can only flow toward higher security attributes, which meets the high security requirements of avionics systems.
However, the BLP model emphasizes the flow of information toward higher security levels and pays insufficient attention to protecting the integrity of information at high security levels. The integrity requirements of avionics system information are therefore met using the Biba model.
The Biba model, published in 1977, was the first model to address the integrity of computer systems. It divides integrity threats into threats from inside a subsystem and threats from outside it. An internal threat arises if a component of the subsystem is malicious or incorrect; an external threat arises if a subsystem attempts to change another system by supplying wrong data or by calling functions incorrectly. Biba held that internal threats can be dealt with by program testing or inspection, so the model mainly targets external threats and addresses the first goal of integrity: preventing tampering by unauthorized users. The Biba model is aimed mainly at protecting information integrity. It is similar to the BLP model, with integrity levels replacing the sensitivity levels of BLP, and its access control restrictions are exactly the opposite of those of BLP, as in Fig. 4.
(1) Simple integrity rule: a subject is allowed to write an object only when the subject's integrity level is greater than or equal to the object's integrity level and the subject's category set contains the object's category set. That is, a subject can only write down and cannot write up: it can only write (modify) objects whose integrity level is equal to or lower than its own;
(2) Integrity confinement rule (star rule): a subject is allowed to read an object only when the subject's integrity level is not higher than the object's integrity level and the object's category set contains the subject's category set. That is, a subject can only read up and cannot read down.
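As an added example (not part of the patent text), the two BLP rules and the two Biba rules above reduce to one dominance test over (level, category set) labels, applied in opposite directions. The Go type and function names, the reuse of the four-level ordering for integrity levels, and the sample labels for a closed-domain and an open-domain process are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Level is the totally ordered part of a label: Public < Confidential < Secret < TopSecret.
type Level int

const (
	Public Level = iota
	Confidential
	Secret
	TopSecret
)

// Label is one lattice element: a level plus a category set.
type Label struct {
	Level Level
	Cats  []string
}

// Dominates reports whether a's level is at least b's and a's categories contain all of b's.
func (a Label) Dominates(b Label) bool {
	if a.Level < b.Level {
		return false
	}
	have := make(map[string]bool, len(a.Cats))
	for _, c := range a.Cats {
		have[c] = true
	}
	for _, c := range b.Cats {
		if !have[c] {
			return false
		}
	}
	return true
}

// Entity carries a sensitivity label (checked by BLP) and an integrity label (checked by Biba).
type Entity struct {
	Name                   string
	Sensitivity, Integrity Label
}

type Op int

const (
	Read Op = iota
	Write
)

var (
	ErrBLP  = errors.New("denied by BLP")
	ErrBiba = errors.New("denied by Biba")
)

// BLPAllows: a read needs subject >= object (no read up); a write needs object >= subject (no write down).
func BLPAllows(s, o Label, op Op) bool {
	if op == Read {
		return s.Dominates(o)
	}
	return o.Dominates(s)
}

// BibaAllows is the mirror image: a write needs subject >= object (no write up); a read needs object >= subject (no read down).
func BibaAllows(s, o Label, op Op) bool {
	if op == Write {
		return s.Dominates(o)
	}
	return o.Dominates(s)
}

// Check applies both models to one access and reports which model refused it.
func Check(s, o Entity, op Op) error {
	if !BLPAllows(s.Sensitivity, o.Sensitivity, op) {
		return fmt.Errorf("%s -> %s: %w", s.Name, o.Name, ErrBLP)
	}
	if !BibaAllows(s.Integrity, o.Integrity, op) {
		return fmt.Errorf("%s -> %s: %w", s.Name, o.Name, ErrBiba)
	}
	return nil
}

func main() {
	// Constructed labels: the patent does not assign levels to the domains.
	closed := Entity{"closed-domain process", Label{Secret, []string{"flight"}}, Label{TopSecret, []string{"flight"}}}
	open := Entity{"open-domain process", Label{Public, nil}, Label{Public, nil}}
	fmt.Println(Check(open, closed, Write)) // BLP permits the write up; Biba refuses it
	fmt.Println(Check(closed, open, Read))  // BLP permits the read down; Biba refuses it
}
```

The first call in main is the case the text raises against BLP alone: a low-integrity subject writing into a high-security object passes the star rule and is stopped only by the Biba simple integrity rule.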

Claims (1)

1. a kind of aviation exchange system based on virtual machine, it is characterised in that:Including aircraft network system, virtual interaction system with And ground system;The aircraft network system is in communication with each other by virtual interaction system and ground system;
The virtual interaction system includes virtual machine, security module and management virtual machine;
The management virtual machine reception treats interactive information and sends it to security module;
Information to be interacted is encrypted/decrypted by the security module, authentication, fire wall, access control, integrality are tested Card;
Different security level informations can be in communication with each other between the virtual machine is used to implement aircraft network system domain;
The aircraft network system is comprised the concrete steps that by virtual machine system with what ground system was in communication with each other:
A1) Communication starts; the aircraft network system encrypts the source message and sends it to the management virtual machine of the virtual interaction system;
A2) The management virtual machine calls the security module to perform identity authentication and integrity verification on the source message;
A2.1) Identity authentication of the source message;
A2.1.1) The aircraft network system performs an operation on the source message to be sent, obtaining the digital digest MD;
A2.1.2) The aircraft network system encrypts the digital digest MD with its own private key PVA, obtaining the digital signature DS;
A2.1.3) The aircraft network system encrypts the source message, the digital signature DS and the public key PBA of the aircraft network system certificate with a symmetric key, obtaining the encrypted information E;
A2.1.4) The aircraft network system encrypts the symmetric key SK with the public key PBB of the ground system, forming the digital envelope DE;
A2.1.5) The aircraft network system sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine;
A2.1.6) After receiving the digital envelope DE, the ground system decrypts the digital envelope with its own private key PVB and extracts the symmetric key SK;
A2.1.7) The ground system decrypts the encrypted information E with the symmetric key SK, recovering the source message, the digital signature DS and the public key PBA of the sender's closed-domain certificate;
A2.1.8) The ground system verifies the digital signature DS: it first decrypts the digital signature with the public key of the aircraft network system, obtaining the digital digest MD;
A2.1.9) At the same time, the ground system applies the same operation as in step A2.1.1) to the source message, obtaining a new digital digest MD'; the two digital digests MD and MD' are compared to verify whether the original text has been altered;
If MD and MD' are equal, the data has not been tampered with and the source message was transmitted securely, so step A2.2) is performed; otherwise the signature is rejected, the source message is considered not to have been transmitted securely, and transmission of the information is refused;
A2.2) Integrity verification is performed on the source message using the Biba model; if verification succeeds, step A3) is performed; if verification fails, transmission of the information is refused;
A3) The management virtual machine sends the source message to the ground system, and communication ends;
The specific steps by which the virtual machines enable information of different security levels to be communicated between the domains of the aircraft network system are:
B1) Communication starts; the sender domain encrypts the source message and sends it to the virtual machine of the virtual interaction system;
B2) After receiving the source message, the virtual machine judges whether the security levels of the sender domain and the receiver domain match;
If they match, step B3) is performed;
If they do not match, the virtual machine raises or lowers the security level so that the security levels of the sender domain and the receiver domain match, and then step B3) is performed;
B3) The virtual machine sends the source message to the management virtual machine, and the management virtual machine calls the security module to perform identity authentication and integrity verification on the source message;
B3.1) Identity authentication of the source message;
B3.1.1) The sender domain performs an operation on the source message to be sent, obtaining the digital digest MD;
B3.1.2) The sender domain encrypts the digital digest MD with its own private key PVA, obtaining the digital signature DS;
B3.1.3) The sender domain encrypts the source message, the digital signature DS and the public key PBA of the sender domain system certificate with a symmetric key, obtaining the encrypted information E;
B3.1.4) The sender domain encrypts the symmetric key SK with the public key PBB of the ground system, forming the digital envelope DE;
B3.1.5) The sender domain sends the encrypted information E and the digital envelope DE to the ground system through the management virtual machine;
B3.1.6) After receiving the digital envelope DE, the receiver domain decrypts the digital envelope with its own private key PVB and extracts the symmetric key SK;
B3.1.7) The receiver domain decrypts the encrypted information E with the symmetric key SK, recovering the source message, the digital signature DS and the public key PBA of the sender's closed-domain certificate;
B3.1.8) The receiver domain verifies the digital signature DS: it first decrypts the digital signature with the public key of the sender domain, obtaining the digital digest MD;
B3.1.9) At the same time, the receiver domain applies the same operation as in step B3.1.1) to the source message, obtaining a new digital digest MD'; the two digital digests MD and MD' are compared to verify whether the original text has been altered;
If MD and MD' are equal, the data has not been tampered with and the source message was transmitted securely, so step B3.2) is performed;
Otherwise the signature is rejected, the source message is considered not to have been transmitted securely, and transmission of the information is refused;
B3.2) Integrity verification is performed on the source message using the Biba model; if verification succeeds, step B4) is performed;
If verification fails, transmission of the information is refused;
B4) The management virtual machine sends the source message to the receiver domain, and communication ends;
The domains comprise a closed domain, a private domain and an open domain; the closed domain is used to ensure safe flight; the private domain represents the services that provide for aircraft operation or passenger access requirements unrelated to safe flight; the open domain represents the open network services provided to passengers;
Three virtual machines are provided, and the three virtual machines correspond one-to-one with the three domains.
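The sign, encrypt and envelope exchange of steps A2.1.1) to A2.1.9) (and B3.1.1) to B3.1.9)) as an added Go example; it is not code from the patent. The claim names no algorithms, so SHA-256, RSA PKCS#1 v1.5 signatures, AES-256-GCM and RSA-OAEP are assumptions, as are the function names `Seal` and `Open`. The sender public key PBA is handed to the receiver as an already validated key instead of being carried inside E, because a signature checked against a key taken from the same message only proves anything once that key is tied to a trusted certificate.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func Seal(msg []byte, pva *rsa.PrivateKey, pbb *rsa.PublicKey) ([]byte, []byte, error) {
	md := sha256.Sum256(msg)                                            // A2.1.1: digest MD
	ds, err := rsa.SignPKCS1v15(rand.Reader, pva, crypto.SHA256, md[:]) // A2.1.2: signature DS
	if err != nil {
		return nil, nil, err
	}
	r := make([]byte, 44) // fresh symmetric key SK (32 bytes) followed by a GCM nonce (12 bytes)
	rand.Read(r)
	b, _ := aes.NewCipher(r[:32])
	g, _ := cipher.NewGCM(b)
	de, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pbb, r[:32], nil) // A2.1.4: DE wraps SK
	return g.Seal(r[32:], r[32:], append(ds, msg...), nil), de, err         // A2.1.3: E = nonce || Enc(DS || msg)
}

func Open(e, de []byte, pvb *rsa.PrivateKey, pba *rsa.PublicKey) (string, error) {
	sk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, pvb, de, nil) // A2.1.6: unwrap SK with PVB
	if err != nil || len(sk) != 32 || len(e) < 12 {
		return "", fmt.Errorf("envelope rejected")
	}
	b, _ := aes.NewCipher(sk)
	g, _ := cipher.NewGCM(b)
	pt, err := g.Open(nil, e[:12], e[12:], nil) // A2.1.7: recover DS || msg
	if err != nil || len(pt) < pba.Size() {
		return "", fmt.Errorf("ciphertext rejected")
	}
	md := sha256.Sum256(pt[pba.Size():]) // A2.1.9: MD' recomputed from the recovered message
	if rsa.VerifyPKCS1v15(pba, crypto.SHA256, md[:], pt[:pba.Size()]) != nil { // A2.1.8: MD from DS vs MD'
		return "", fmt.Errorf("signature rejected")
	}
	return string(pt[pba.Size():]), nil
}

func main() {
	a, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key pairs: a is the sender, b the receiver
	b, _ := rsa.GenerateKey(rand.Reader, 2048)
	e, de, _ := Seal([]byte("constructed message"), a, &b.PublicKey)
	fmt.Println(Open(e, de, b, &a.PublicKey))
}
```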
CN201410714131.6A 2014-11-29 2014-11-29 Aviation exchange system and method based on virtual machine Active CN104486300B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410714131.6A CN104486300B (en) 2014-11-29 2014-11-29 Aviation exchange system and method based on virtual machine

Publications (2)

Publication Number Publication Date
CN104486300A CN104486300A (en) 2015-04-01
CN104486300B true CN104486300B (en) 2018-07-03

Family

ID=52760804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410714131.6A Active CN104486300B (en) 2014-11-29 2014-11-29 Aviation exchange system and method based on virtual machine

Country Status (1)

Country Link
CN (1) CN104486300B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10652027B2 (en) * 2015-10-20 2020-05-12 The Boeing Company Airplane identity management with redundant line replaceable units (LRUs) and composite airplane modifiable information (AMI)
CN105933284B (en) * 2016-04-01 2019-05-28 西安电子科技大学昆山创新研究院 A kind of Biba improved model and system based on BTG mechanism
CN107181765A (en) * 2017-07-25 2017-09-19 光载无限(北京)科技有限公司 Network digital identity identifying method based on block chain technology
CN109831438B (en) * 2019-02-19 2022-03-11 中国航空工业集团公司西安航空计算技术研究所 Two-way communication system and method between avionic network domain and information network domain based on virtualization
CN114153227B (en) * 2021-11-30 2024-02-20 重庆大学 Unmanned aerial vehicle group key extraction and security authentication method based on GPS signals
CN117579275B (en) * 2024-01-16 2024-04-12 中国民用航空飞行学院 Information security management method, system and storage medium based on aviation data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101908962A (en) * 2009-12-24 2010-12-08 中国航空工业集团公司第六三一研究所 Key management method for integrated avionic system
CN102609841A (en) * 2012-01-13 2012-07-25 东北大学 Remote mobile payment system based on digital certificate and payment method
CN102710605A (en) * 2012-05-08 2012-10-03 重庆大学 Information security management and control method under cloud manufacturing environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8615384B2 (en) * 2007-10-31 2013-12-24 The Boeing Company Method and apparatus for simulating aircraft data processing systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
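Design and Implementation of a Cloud Computing Virtual Machine Protection System; Wang Jingxue; China Master's Theses Full-text Database; 20141115; main text pp. 17-36 *
Access Control Model Based on Trusted Computing for Integrated Avionics Systems; Cui Xining, Shen Yulong, Ma Jianfeng, Xie Kejia; Journal on Communications; 20091130; Vol. 30 (No. 11A); full text *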

Also Published As

Publication number Publication date
CN104486300A (en) 2015-04-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant