CN105530092A - IMA processor system information security management method - Google Patents
- Publication number: CN105530092A
- Authority: CN (China)
- Prior art keywords: information, secret, processor system, security, key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6236—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
Abstract
The invention discloses an information security management method for an IMA processor system, comprising the following steps: 1) overall information security management: 1.1) the information in the IMA processor system is divided into four security levels for management: top secret, confidential, secret and ordinary, with top secret as the highest level and ordinary as the lowest; 1.2) secret and ordinary information is stored in the processor system, while top secret and confidential information must not be stored in the processor system and is only loaded temporarily through a data loader; 1.3) top secret, confidential and secret information is identified and encrypted according to its level; 1.4) information access rights are managed and controlled according to the corresponding security level. The method effectively manages the rights to use information, controls the direction of information flow, and solves the secure information storage and access problem that high resource sharing and high data fusion create in an IMA processor system.
Description
Technical field
The present invention belongs to the field of embedded computer system design, and in particular relates to an information security management method for an IMA processor system.
Background
An IMA processor system is characterized by high resource sharing, high data fusion and high software density, so it processes and shares information of different security levels, which raises the problem of sharing information securely and in a timely manner between different users. To address this problem, an information security management method for an IMA processor system is proposed. The information in the IMA processor system is managed in four security levels: top secret, confidential, secret and ordinary; top secret is the highest level and ordinary is the lowest. Secret and ordinary information may be stored in the processor system; top secret and confidential information must not be stored permanently in the processor system and is loaded only temporarily through the data loader. Top secret, confidential and secret information is identified and encrypted according to its level. System applications manage and control information access rights according to the corresponding security level: users with a high security level may access information of lower security levels, and users with a low security level are denied access to information of higher security levels.
Summary of the invention
To solve the technical problem described in the background, the present invention proposes an information security management method for an IMA processor system that effectively manages the rights to use information, controls the direction of information flow, and solves the secure information storage and access problem caused by high resource sharing and high data fusion in an IMA processor system.
The technical solution of the present invention is an information security management method for an IMA processor system, characterized in that the method comprises the following steps:
1) Overall information security management:
1.1) The information in the IMA processor system is managed in four security levels: top secret, confidential, secret and ordinary; top secret is the highest level and ordinary is the lowest;
1.2) Secret and ordinary information is stored in the processor system; top secret and confidential information must not be stored permanently in the processor system and is loaded only temporarily through the data loader;
1.3) Top secret, confidential and secret information is identified and encrypted according to its level;
1.4) Information access rights are managed and controlled according to the corresponding security level: users with a high security level are allowed to access information of lower security levels, and users with a low security level are denied access to information of higher security levels.
2) Information storage security management:
2.1) The IMA processor system stores information in memory banks partitioned into two levels, secret and ordinary;
2.2) Secret information is stored encrypted using a 64-bit DES encryption algorithm implemented in hardware; the hardware encrypts and decrypts secret information automatically when data is written to and read from the solid-state storage system;
2.3) In an emergency, stored information is destroyed electrically: a high-voltage, high-current destruction power supply is applied directly to the power pins of the memory bank chips, and the reverse high-voltage, high-current surge damages the memory cells of the die inside each memory bank chip.
3) Information transmission security management:
3.1) Security management middleware software for the data distribution service (DDS) is added between the system software and the underlying network interface to manage information transmission security;
3.2) The security management middleware software is located at the network interface layer and the DDS core layer, and implements identity authentication, data access control, data encryption and decryption, message integrity verification and key management;
3.3) The security management middleware software must be configured with the application module's master key, its public and private keys, and the symmetric keys of four encryption units corresponding to the four security levels. The master key is a symmetric key used to encrypt the public keys exchanged between modules; the security management middleware software of the application modules shares the master key; the symmetric keys of the encryption units are used to encrypt messages.
Send-side control flow of the security management middleware software:
4) Application module A sends a message to application module B; before communicating, the security management middleware software on these two nodes establishes a connection and exchanges public keys;
5) Security management middleware software A first generates a digital fingerprint with a hash algorithm, then encrypts the digital fingerprint with A's private key to form a digital signature;
6) Security management middleware software A selects the symmetric key corresponding to the message's security level and encrypts the message to be sent with this level-specific symmetric key, forming the ciphertext;
7) The symmetric key is encrypted with the public key of security management middleware software B, forming a digital envelope; the digital signature and the digital envelope are transmitted to security management middleware software B together with the encrypted message.
Receive-side control flow of the security management middleware software:
8) After security management middleware software B receives the message, it decrypts the digital signature with A's public key to recover the digital fingerprint, and uses its own private key to decrypt the encrypted level-specific symmetric key;
9) The original message is then decrypted with the level-specific symmetric key; the hash algorithm is called to compute a digital fingerprint, and the two digital fingerprints are compared; if they are identical, identity authentication passes and message integrity verification passes.
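The send and receive flows of steps 4) to 9), as an added Python example that is not part of the patent text. The page names neither the hash, the public-key algorithm nor the transmission cipher, so SHA-256, textbook RSA with keys constructed from Mersenne primes, and a SHA-256 keystream cipher are stand-ins assumed here, as are the names `send`, `receive` and `LEVEL_KEYS`.

```python
import hashlib
import secrets
from enum import IntEnum

class Level(IntEnum):
    """The four security levels of step 1.1, lowest to highest."""
    ORDINARY = 0
    SECRET = 1
    CONFIDENTIAL = 2
    TOP_SECRET = 3

E = 65537  # public exponent shared by both toy key pairs

def toy_rsa_key(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys. Mersenne primes keep the example short and are
# trivially factorable; a real module would load generated key pairs.
KEY_A = toy_rsa_key(2**521 - 1, 2**607 - 1)
KEY_B = toy_rsa_key(2**1279 - 1, 2**2203 - 1)

# One symmetric key per security level (step 3.3), constructed at import.
LEVEL_KEYS = {level: secrets.token_bytes(32) for level in Level}

def fingerprint(message):
    """Digital fingerprint of the message as an integer (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def send(message, level, sender_key, recipient_n):
    """Steps 5-7: sign the fingerprint, encrypt, wrap the level key."""
    n_a, d_a = sender_key
    signature = pow(fingerprint(message), d_a, n_a)             # step 5
    key = LEVEL_KEYS[level]                                     # step 6
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(key, nonce, message)
    envelope = pow(int.from_bytes(key, "big"), E, recipient_n)  # step 7
    return {"nonce": nonce, "ciphertext": ciphertext,
            "envelope": envelope, "signature": signature}

def receive(packet, recipient_key, sender_n):
    """Steps 8-9: recover fingerprint and key, decrypt, compare fingerprints."""
    n_b, d_b = recipient_key
    claimed = pow(packet["signature"], E, sender_n)             # step 8
    key_int = pow(packet["envelope"], d_b, n_b)
    if key_int >= 1 << 256:
        raise ValueError("digital envelope does not hold a 256-bit key")
    key = key_int.to_bytes(32, "big")
    message = keystream_xor(key, packet["nonce"], packet["ciphertext"])  # step 9
    if fingerprint(message) != claimed:
        raise ValueError("fingerprints differ: authentication and integrity check failed")
    return message

if __name__ == "__main__":
    pkt = send(b"constructed sample message", Level.SECRET, KEY_A, KEY_B[0])
    print(receive(pkt, KEY_B, KEY_A[0]))
```

Because the fingerprint is compared only after decryption, a modified ciphertext and a signature made with a key other than A's both end in the same rejection at step 9.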
The advantages of the present invention are:
1) Information is managed in four security levels (top secret, confidential, secret and ordinary), and different applications are directed to the corresponding information according to their security level.
2) The rights to use information are managed effectively, and the direction of information flow is controlled.
3) The secure information storage and access problem caused by high resource sharing and high data fusion in an IMA processor system is solved.
Brief description of the drawings
Fig. 1 is the send-side information control diagram of the IMA processor system security management middleware software of the present invention;
Fig. 2 is the receive-side information control diagram of the IMA processor system security management middleware software of the present invention.
Detailed description
The present invention proposes an information security management method for an IMA processor system. The information in the IMA processor system is managed in four security levels: top secret, confidential, secret and ordinary; top secret is the highest level and ordinary is the lowest. Secret and ordinary information may be stored in the processor system; top secret and confidential information must not be stored permanently in the processor system and is loaded only temporarily through the data loader. Top secret, confidential and secret information is identified and encrypted according to its level. System applications manage and control information access rights according to the corresponding security level: users with a high security level may access information of lower security levels, and users with a low security level are denied access to information of higher security levels. Secret information stored in the IMA processor system is encrypted automatically by hardware and is destroyed electrically in an emergency. Information transmission in the IMA processor system is secured by adding security management middleware software for the data distribution service (DDS) between the system software and the underlying network interface.
The method is implemented as follows:
Overall information security management: 1. The information in the IMA processor system is managed in four security levels: top secret, confidential, secret and ordinary; top secret is the highest level and ordinary is the lowest; 2. Secret and ordinary information may be stored in the processor system; top secret and confidential information must not be stored permanently in the processor system and is loaded only temporarily through the data loader; 3. Top secret, confidential and secret information is identified and encrypted according to its level; 4. System applications manage and control information access rights according to the corresponding security level: users with a high security level may access information of lower security levels, and users with a low security level are denied access to information of higher security levels.
Information storage security management: 1. The IMA processor system stores information in memory banks partitioned into two levels, secret and ordinary; 2. Secret information is stored encrypted using a 64-bit DES encryption algorithm implemented in hardware; the hardware encrypts and decrypts secret information automatically when data is written to and read from the solid-state storage system, without adding system overhead; 3. In an emergency, stored information is destroyed electrically: a high-voltage, high-current destruction power supply is applied directly to the power pins of the memory bank chips, and the reverse high-voltage, high-current surge damages the memory cells of the die inside each memory bank chip.
Information transmission security management: 1. Security management middleware software for the data distribution service (DDS) is added between the system software and the underlying network interface to manage information transmission security; 2. The security management middleware software is located at the network interface layer and the DDS core layer, and implements functions such as identity authentication, data access control, data encryption and decryption, message integrity verification and key management; 3. The security management middleware software must be configured with the application module's master key, its public and private keys, and the symmetric keys of four encryption units (corresponding to the four security levels). The master key is a symmetric key used to encrypt the public keys exchanged between modules; the security management middleware software of the application modules shares the master key; the symmetric keys of the encryption units are used to encrypt messages; 4. Application module A is to send a message to application module B; before communicating, the security management middleware software on these two nodes establishes a connection and exchanges public keys. As shown in Fig. 1, security management middleware software A first generates a digital fingerprint with a hash algorithm, then encrypts the digital fingerprint with A's private key to form a digital signature. Security management middleware software A then selects the symmetric key corresponding to the message's security level and encrypts the message to be sent with this level-specific symmetric key, forming the ciphertext. It then encrypts this symmetric key with the public key of security management middleware software B, forming a digital envelope; the digital signature and the digital envelope are transmitted to security management middleware software B together with the encrypted message. As shown in Fig. 2, after security management middleware software B receives the message, it first decrypts the digital signature with A's public key to recover the digital fingerprint, then uses its own private key to decrypt the encrypted level-specific symmetric key, and then decrypts the original message with this symmetric key. It then calls the hash algorithm to compute a digital fingerprint and compares the two digital fingerprints; if they are identical, identity authentication passes and message integrity verification passes.
Claims (3)
1. An information security management method for an IMA processor system, characterized in that the method comprises the following steps:
1) Overall information security management:
1.1) The information in the IMA processor system is managed in four security levels: top secret, confidential, secret and ordinary; top secret is the highest level and ordinary is the lowest;
1.2) Secret and ordinary information is stored in the processor system; top secret and confidential information must not be stored permanently in the processor system and is loaded only temporarily through the data loader;
1.3) Top secret, confidential and secret information is identified and encrypted according to its level;
1.4) Information access rights are managed and controlled according to the corresponding security level: users with a high security level are allowed to access information of lower security levels, and users with a low security level are denied access to information of higher security levels;
2) Information storage security management:
2.1) The IMA processor system stores information in memory banks partitioned into two levels, secret and ordinary;
2.2) Secret information is stored encrypted using a 64-bit DES encryption algorithm implemented in hardware; the hardware encrypts and decrypts secret information automatically when data is written to and read from the solid-state storage system;
2.3) In an emergency, stored information is destroyed electrically: a high-voltage, high-current destruction power supply is applied directly to the power pins of the memory bank chips, and the reverse high-voltage, high-current surge damages the memory cells of the die inside each memory bank chip;
3) Information transmission security management:
3.1) Security management middleware software for the data distribution service (DDS) is added between the system software and the underlying network interface to manage information transmission security;
3.2) The security management middleware software is located at the network interface layer and the DDS core layer, and implements identity authentication, data access control, data encryption and decryption, message integrity verification and key management;
3.3) The security management middleware software must be configured with the application module's master key, its public and private keys, and the symmetric keys of four encryption units corresponding to the four security levels; the master key is a symmetric key used to encrypt the public keys exchanged between modules; the security management middleware software of the application modules shares the master key; the symmetric keys of the encryption units are used to encrypt messages.
2. The information security management method for an IMA processor system according to claim 1, characterized in that the send-side control flow of the security management middleware software is:
4) Application module A sends a message to application module B; before communicating, the security management middleware software on these two nodes establishes a connection and exchanges public keys;
5) Security management middleware software A first generates a digital fingerprint with a hash algorithm, then encrypts the digital fingerprint with A's private key to form a digital signature;
6) Security management middleware software A selects the symmetric key corresponding to the message's security level and encrypts the message to be sent with this level-specific symmetric key, forming the ciphertext;
7) The symmetric key is encrypted with the public key of security management middleware software B, forming a digital envelope; the digital signature and the digital envelope are transmitted to security management middleware software B together with the encrypted message.
3. The information security management method for an IMA processor system according to claim 2, characterized in that the receive-side control flow of the security management middleware software is:
8) After security management middleware software B receives the message, it decrypts the digital signature with A's public key to recover the digital fingerprint, and uses its own private key to decrypt the encrypted level-specific symmetric key;
9) The original message is then decrypted with the level-specific symmetric key; the hash algorithm is called to compute a digital fingerprint, and the two digital fingerprints are compared; if they are identical, identity authentication passes and message integrity verification passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510907911.7A CN105530092B (en) | 2015-12-09 | 2015-12-09 | A kind of IMA processor systems information security management method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510907911.7A CN105530092B (en) | 2015-12-09 | 2015-12-09 | A kind of IMA processor systems information security management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105530092A (en) | 2016-04-27 |
CN105530092B (en) | 2018-05-08 |
Family
ID=55772106
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510907911.7A Active CN105530092B (en) | 2015-12-09 | 2015-12-09 | A kind of IMA processor systems information security management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105530092B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107633177A (en) * | 2017-09-22 | 2018-01-26 | 苏州大成有方数据科技有限公司 | A kind of file management method of graded encryption |
CN107657162A (en) * | 2017-09-22 | 2018-02-02 | 苏州大成有方数据科技有限公司 | A kind of safe electronic document management system |
CN108090378A (en) * | 2017-12-07 | 2018-05-29 | 中国航空工业集团公司西安航空计算技术研究所 | The information encrypted master and controlling mechanism of a kind of IMA storage systems |
WO2019056327A1 (en) * | 2017-09-22 | 2019-03-28 | 苏州大成有方数据科技有限公司 | Safe electronic file management system |
CN110493168A (en) * | 2018-07-19 | 2019-11-22 | 江苏恒宝智能系统技术有限公司 | Medical curative effect based on asymmetric encryption techniques monitors sharing method |
US20200089182A1 (en) * | 2015-12-10 | 2020-03-19 | Siemens Aktiengesellschaft | Distributed embedded data and knowledge management system integrated with plc historian |
CN111079163A (en) * | 2019-12-16 | 2020-04-28 | 国网山东省电力公司威海市文登区供电公司 | Encryption and decryption information system |
CN112035436A (en) * | 2020-08-31 | 2020-12-04 | 国网天津市电力公司 | Energy big data application center system |
CN112882964A (en) * | 2021-03-04 | 2021-06-01 | 中国航空工业集团公司西安航空计算技术研究所 | High-capacity and high-safety storage system supporting multiple interfaces |
CN114039736A (en) * | 2020-07-20 | 2022-02-11 | 广州汽车集团股份有限公司 | Method for dynamically loading encryption engine |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200089182A1 (en) * | 2015-12-10 | 2020-03-19 | Siemens Aktiengesellschaft | Distributed embedded data and knowledge management system integrated with plc historian |
CN107633177A (en) * | 2017-09-22 | 2018-01-26 | 苏州大成有方数据科技有限公司 | A kind of file management method of graded encryption |
CN107657162A (en) * | 2017-09-22 | 2018-02-02 | 苏州大成有方数据科技有限公司 | A kind of safe electronic document management system |
WO2019056327A1 (en) * | 2017-09-22 | 2019-03-28 | 苏州大成有方数据科技有限公司 | Safe electronic file management system |
CN108090378A (en) * | 2017-12-07 | 2018-05-29 | 中国航空工业集团公司西安航空计算技术研究所 | The information encrypted master and controlling mechanism of a kind of IMA storage systems |
CN110493168A (en) * | 2018-07-19 | 2019-11-22 | 江苏恒宝智能系统技术有限公司 | Medical curative effect based on asymmetric encryption techniques monitors sharing method |
CN111079163A (en) * | 2019-12-16 | 2020-04-28 | 国网山东省电力公司威海市文登区供电公司 | Encryption and decryption information system |
CN111079163B (en) * | 2019-12-16 | 2020-10-30 | 国网山东省电力公司威海市文登区供电公司 | Encryption and decryption information system |
CN114039736A (en) * | 2020-07-20 | 2022-02-11 | 广州汽车集团股份有限公司 | Method for dynamically loading encryption engine |
CN114039736B (en) * | 2020-07-20 | 2023-01-06 | 广州汽车集团股份有限公司 | Method for dynamically loading encryption engine |
CN112035436A (en) * | 2020-08-31 | 2020-12-04 | 国网天津市电力公司 | Energy big data application center system |
CN112882964A (en) * | 2021-03-04 | 2021-06-01 | 中国航空工业集团公司西安航空计算技术研究所 | High-capacity and high-safety storage system supporting multiple interfaces |
CN112882964B (en) * | 2021-03-04 | 2024-05-24 | 中国航空工业集团公司西安航空计算技术研究所 | High-capacity high-safety storage system supporting multiple interfaces |
Also Published As
Publication number | Publication date |
---|---|
CN105530092B (en) | 2018-05-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105530092A (en) | IMA processor system information security management method | |
CN106301774B (en) | Safety chip, its encryption key generation method and encryption method | |
EP3123657B1 (en) | Method and apparatus for cloud-assisted cryptography | |
CN106330868A (en) | Encrypted storage key management system and method of high-speed network | |
CN110061983A (en) | A kind of data processing method and system | |
CN101296086B (en) | Method, system and device for access authentication | |
CN101515319B (en) | Cipher key processing method, cipher key cryptography service system and cipher key consultation method | |
EP2745212A1 (en) | Virtual zeroisation system and method | |
CN101420686B (en) | Industrial wireless network security communication implementation method based on cipher key | |
CN103414682A (en) | Method for cloud storage of data and system | |
CN104468562B (en) | A kind of data security protecting portable terminal transparent towards Mobile solution | |
CN105610837B (en) | For identity authentication method and system between SCADA system main website and slave station | |
CN113329030A (en) | Block chain all-in-one machine, password acceleration card thereof, and key management method and device | |
CN111970114B (en) | File encryption method, system, server and storage medium | |
CN103226670B (en) | A kind of document access control system based on access control model | |
CN111143870A (en) | Distributed encryption storage device, system and encryption and decryption method | |
CN101908962B (en) | Key management method for integrated avionic system | |
CN110224816A (en) | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number | |
CN110519238B (en) | Internet of things security system and communication method based on cryptographic technology | |
CN111163108A (en) | Electric power Internet of things security terminal chip composite encryption system and method | |
CN103944721A (en) | Method and device for protecting terminal data security on basis of web | |
CN112422279B (en) | Intelligent terminal key management method and hierarchical management system | |
CN112565285B (en) | Communication encryption method suitable for rail transit | |
CN106612247A (en) | A data processing method and a storage gateway | |
CN109726584A (en) | Cloud database key management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |