CN105530092B - A kind of IMA processor systems information security management method - Google Patents

A kind of IMA processor systems information security management method Download PDF

Info

Publication number
CN105530092B
CN105530092B CN201510907911.7A CN201510907911A CN105530092B CN 105530092 B CN105530092 B CN 105530092B CN 201510907911 A CN201510907911 A CN 201510907911A CN 105530092 B CN105530092 B CN 105530092B
Authority
CN
China
Prior art keywords
information
secret
key
security
processor systems
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510907911.7A
Other languages
Chinese (zh)
Other versions
CN105530092A (en
Inventor
李成文
湛文韬
汤艳飞
王纯委
何小亚
姜琳琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee
Xian Aeronautics Computing Technique Research Institute of AVIC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Aeronautics Computing Technique Research Institute of AVIC filed Critical Xian Aeronautics Computing Technique Research Institute of AVIC
Priority to CN201510907911.7A priority Critical patent/CN105530092B/en
Publication of CN105530092A publication Critical patent/CN105530092A/en
Application granted granted Critical
Publication of CN105530092B publication Critical patent/CN105530092B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems

Abstract

The present invention proposes a kind of IMA processor systems information security management method, comprises the following steps:1) information security management group method:1.1) top-secret, secret, secret and common four safe classes of IMA processor systems information point are managed;If top-secret information level of confidentiality highest, general information level of confidentiality are minimum;1.2) secret and general information is set to be stored in processor system, top-secret and confidential information forbids storing in processor system, is only loaded temporarily by data loader;1.3) top-secret information, confidential information, secret information are identified and are encrypted by grade;1.4) information access rights management control is carried out by corresponding security level.A kind of IMA processor systems information security management method of the present invention, effective management information access right, control information transmission flow direction, solves IMA processor systems because the information security storage access problem that resource shared resources, data height fusion band are come.

Description

A kind of IMA processor systems information security management method
Technical field
The present invention is to belong to embedded computer system design field, more particularly to a kind of IMA processor systems letter Cease method for managing security.
Background technology
IMA processor systems have the characteristics that resource shared resources, data highly merge and software highly dense, thus it The information of different security levels is handled and shared, brings safe timely information sharing problem between different user.For this Problem proposes a kind of IMA processor systems information security management method, and IMA processor systems information point is top-secret, secret, secret Close and common four safe classes are managed, and top-secret information level of confidentiality highest, general information level of confidentiality are minimum;Secret and general information It can be stored in processor system, and top-secret and confidential information forbids always storing in processor system, is only loaded by data Device loads temporarily;Top-secret information, confidential information, secret information are identified and are encrypted by grade;System is applied by corresponding safety Rank carries out information access rights management control, and high safety rank user can access low security level information, low security level User forbids accessing high safety rank information.
The content of the invention
In order to solve the technical problem in the presence of background technology, the present invention proposes a kind of IMA processor systems information peace Full management method, effective management information access right, control information transmission flow direction, solves IMA processor systems because resource is high The information security storage access problem that degree is shared, data height fusion band is come.
The present invention technical solution be:A kind of IMA processor systems information security management method, it is characterised in that: It the described method comprises the following steps:
1) information security management group method:
1.1) top-secret, secret, secret and common four safe classes of IMA processor systems information point are managed;If Top-secret information level of confidentiality highest, general information level of confidentiality are minimum;
1.2) secret and general information is set to be stored in processor system, top-secret and confidential information is forbidden in processor system Store in system, only loaded temporarily by data loader;
1.3) top-secret information, confidential information, secret information are identified and are encrypted by grade;
1.4) information access rights management control is carried out by corresponding security level, high safety rank user allows to access low peace Full class information, low security level user forbid accessing high safety rank information.
2) information storage security management:
2.1) IMA processor systems are by secret and common two partition of the level memory banks storage information;
2.2) secret information is encrypted into row information by 64 des encryption algorithms of hardware realization and stored, and secret information is being write Hardware automatic encryption and decryption when entering and reading the data of solid-state memory system;
2.3) electric energy destruction in emergency circumstances is carried out to storage information, high-voltage great-current destruction power supply is loaded directly into and is deposited Store up on body chip power pin, impacted using reverse high-voltage large current, the storage unit of memory bank chip internal tube core is damaged Ruin.
3) information transmission security management:
3.1) function of data distribution (DSS) safety management middleware is increased between system software and bottom-layer network interface Software realizes information transmission security management;
3.2) safety management middleware software realizes authentication, data access control in network interface layer and DDS core layers System, data encrypting and deciphering, message integrity differentiate, key management functions;
3.3) safety management middleware software must configure the master key, public and private key and four encryption units of application module, right Answer the symmetric key of four security levels, master key is symmetric key, the public key exchanged between encrypting module, the peace between application module Full management middleware software shares master key, and the symmetric key of encryption unit is used for encrypting message.
Safety management middleware software sends information control flow journey:
4) application module A sends messages to application module B, and the safety management middleware on the two nodes is soft before communicating Established between part and connect and exchange mutual public key;
5) safety management middleware software A first generates digital finger-print according to HASH algorithms, and then numeral is referred to the private key of A Line is encrypted to form digital signature;
6) safety management middleware software A selects corresponding symmetric key according to message level of confidentiality, close with this multilevel symmetrical The message sent needed for key encryption, forms ciphertext;
7) with the public key encryption of safety management middleware software B this symmetric key, digital envelope is formed, digital signature, Digital envelope is together transferred to safety management middleware software B together with the message encrypted.
Safety management middleware software receive information control flow:
8) after safety management middleware software B receives message, digital finger-print is generated using the public key decryptions digital signature of A, Use the encrypted multilevel symmetrical key of the private cipher key decryption of oneself;
9) real message is gone out with multilevel symmetrical secret key decryption again;HASH algorithms are called to form digital finger-print, two numerals Fingerprint is compared, if identical, authentication by and differentiate that message integrity passes through.
It is an advantage of the invention that:
1) top-secret, secret, secret and common four safe classes of information point are managed, and different application is by corresponding safety etc. Level orientation corresponding information.
2) effectively management information access right, control information transmission flow to.
3) IMA processor systems are solved because the information security storage that resource shared resources, data height fusion band are come is visited Ask questions.
Brief description of the drawings
Fig. 1 is that IMA processor systems security middleware software of the present invention sends information control figure;
Fig. 2 is IMA processor systems security middleware software receive information control figure of the present invention;
Embodiment
The present invention proposes a kind of IMA processor systems information security management method, and IMA processor systems information point is exhausted Close, secret, secret and common four safe classes are managed, and top-secret information level of confidentiality highest, general information level of confidentiality are minimum;It is secret It can be stored with general information in processor system, and top-secret and confidential information forbids storing in processor system, it is only logical Data loader is crossed to load temporarily;Top-secret information, confidential information, secret information are identified and are encrypted by grade;System application Information access rights management control is carried out by corresponding security level, high safety rank user can access low security level information, Low security level user forbids accessing high safety rank information.Secret information storage in IMA processor systems passes through hardware certainly Dynamic encryption, in case of emergency carries out electric energy destruction.Information transmission is by system software and bottom in IMA processor systems Increase function of data distribution (DSS) safety management middleware software between layer network interface and realize information security management.
IMA processor system information security management method embodiments are as follows:
Information security management group method:1. top-secret, secret, secret and common four peaces of IMA processor systems information point Congruent level is managed, and top-secret information level of confidentiality highest, general information level of confidentiality are minimum;2. secret and general information can be in processor Stored in system, and top-secret and confidential information forbids always storing in processor system, is only loaded temporarily by data loader;③ Top-secret information, confidential information, secret information are identified and are encrypted by grade;4. system is applied carries out letter by corresponding security level Access rights management control is ceased, high safety rank user can access low security level information, and low security level user forbids visiting Ask high safety rank information.
Information storage security management:1. IMA processor systems are by secret and common two partition of the level memory banks storage letter Breath;2. secret information is encrypted into row information by 64 des encryption algorithms of hardware realization and stored, secret information is writing and is reading The automatic encryption and decryption of hardware, does not increase overhead during the data of solid-state memory system;3. in emergency circumstances storage information is carried out Electric energy is destroyed, and high-voltage great-current destruction power supply is loaded directly on memory bank chip power pin, big using reverse high voltage Rush of current, the storage unit of memory bank chip internal tube core is damaged.
Information transmission security management:1. increase function of data distribution between system software and bottom-layer network interface (DSS) safety management middleware software realizes information transmission security management;2. safety management middleware software is in network interface layer With DDS core layers, the work(such as authentication, data access control, data encrypting and deciphering, message integrity discriminating, key management are realized Energy;3. safety management middleware software must configure the master key, public and private key and four encryption unit (corresponding four peaces of application module Full rank) symmetric key, master key is symmetric key, for the public key exchanged between encrypting module, the safety between application module Management middleware software shares master key, and the symmetric key of encryption unit is used for encrypting message;4. application module A will send message Application module B is given, is established between the safety management middleware software on the two nodes connect and exchange mutual public affairs before communicating Key.As shown in Figure 1, safety management middleware software A first generates digital finger-print according to HASH algorithms, then with the private key logarithm of A Word fingerprint is encrypted to form digital signature;Then safety management middleware software A is selected corresponding symmetrical according to message level of confidentiality Key, encrypts the required message sent with this multilevel symmetrical key, ciphertext is formed, then with safety management middleware software B Public key encryption this symmetric key, form digital envelope, digital signature, digital envelope are together transmitted together with the message encrypted To safety management middleware software B.As shown in Fig. 2, after safety management middleware software B receives message, first by the public key of A Digital signature generation digital finger-print is decrypted, then using the encrypted multilevel symmetrical key of the private cipher key decryption of oneself, then is used The symmetric key decryption goes out real message.Then HASH algorithms are called to form digital finger-print, two digital finger-prints are compared, If identical, authentication by and differentiate that message integrity passes through.

Claims (3)

  1. A kind of 1. IMA processor systems information security management method, it is characterised in that:It the described method comprises the following steps:
    1) information security management group method:
    1.1) top-secret, secret, secret and common four safe classes of IMA processor systems information point are managed;It is if top-secret Information level of confidentiality highest, general information level of confidentiality are minimum;
    1.2) secret and general information is set to be stored in processor system, top-secret and confidential information is forbidden in processor system Storage, is only loaded temporarily by data loader;
    1.3) top-secret information, confidential information, secret information are identified and are encrypted by grade;
    1.4) information access rights management control is carried out by corresponding security level, high safety rank user allows to access low level security Other information, low security level user forbid accessing high safety rank information;
    2) information storage security management:
    2.1) IMA processor systems are by secret and common two partition of the level memory banks storage information;
    2.2) secret information by 64 des encryption algorithms of hardware realization into row information encrypt store, secret information write-in and Hardware automatic encryption and decryption when reading the data of solid-state memory system;
    2.3) electric energy destruction in emergency circumstances is carried out to storage information, high-voltage great-current destruction power supply is loaded directly into memory bank On chip power pin, impacted using reverse high-voltage large current, the storage unit of memory bank chip internal tube core is damaged;
    3) information transmission security management:
    3.1) function of data distribution (DSS) safety management middleware software is increased between system software and bottom-layer network interface Realize information transmission security management;
    3.2) safety management middleware software is in network interface layer and DDS core layers, realize authentication, data access control, Data encrypting and deciphering, message integrity differentiate, key management functions;
    3.3) safety management middleware software must configure the symmetrical of the master key of application module, public and private key and four encryption units Key, wherein four encryption units correspond to four security levels, master key is symmetric key, and the public key exchanged between encrypting module should Master key is shared with the safety management middleware software of intermodule, the symmetric key of encryption unit is used for encrypting message.
  2. 2. IMA processor systems information security management method according to claim 1, it is characterised in that:In safety management Between part software send information control flow journey:
    4) application module A sends messages to application module B, before communicating between the safety management middleware software on the two nodes Establish and connect and exchange mutual public key;
    5) safety management middleware software A first generates digital finger-print according to HASH algorithms, then with the private key of A to digital finger-print into Row encryption forms digital signature;
    6) safety management middleware software A selects corresponding symmetric key according to message level of confidentiality, is added with this multilevel symmetrical key The message sent needed for close, forms ciphertext;
    7) with this symmetric key of the public key encryption of safety management middleware software B, digital envelope, digital signature, numeral are formed Envelope is together transferred to safety management middleware software B together with the message encrypted.
  3. 3. IMA processor systems information security management method according to claim 2, it is characterised in that:In safety management Between part software receive information control flow:
    8) after safety management middleware software B receives message, digital finger-print is generated using the public key decryptions digital signature of A, is used The multilevel symmetrical key that the private cipher key decryption of oneself is encrypted;
    9) real message is gone out with multilevel symmetrical secret key decryption again;HASH algorithms are called to form digital finger-print, two digital finger-prints Be compared, if identical, authentication by and differentiate that message integrity passes through.
CN201510907911.7A 2015-12-09 2015-12-09 A kind of IMA processor systems information security management method Active CN105530092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510907911.7A CN105530092B (en) 2015-12-09 2015-12-09 A kind of IMA processor systems information security management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510907911.7A CN105530092B (en) 2015-12-09 2015-12-09 A kind of IMA processor systems information security management method

Publications (2)

Publication Number Publication Date
CN105530092A CN105530092A (en) 2016-04-27
CN105530092B true CN105530092B (en) 2018-05-08

Family

ID=55772106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510907911.7A Active CN105530092B (en) 2015-12-09 2015-12-09 A kind of IMA processor systems information security management method

Country Status (1)

Country Link
CN (1) CN105530092B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101923100B1 (en) * 2015-12-10 2018-11-28 지멘스 악티엔게젤샤프트 Distributed embedded data and knowledge management system integrated with PLC historian
CN107657162A (en) * 2017-09-22 2018-02-02 苏州大成有方数据科技有限公司 A kind of safe electronic document management system
WO2019056327A1 (en) * 2017-09-22 2019-03-28 苏州大成有方数据科技有限公司 Safe electronic file management system
CN107633177A (en) * 2017-09-22 2018-01-26 苏州大成有方数据科技有限公司 A kind of file management method of graded encryption
CN108090378A (en) * 2017-12-07 2018-05-29 中国航空工业集团公司西安航空计算技术研究所 The information encrypted master and controlling mechanism of a kind of IMA storage systems
CN110493168A (en) * 2018-07-19 2019-11-22 江苏恒宝智能系统技术有限公司 Medical curative effect based on asymmetric encryption techniques monitors sharing method
CN111079163B (en) * 2019-12-16 2020-10-30 国网山东省电力公司威海市文登区供电公司 Encryption and decryption information system
CN114039736B (en) * 2020-07-20 2023-01-06 广州汽车集团股份有限公司 Method for dynamically loading encryption engine
CN112035436A (en) * 2020-08-31 2020-12-04 国网天津市电力公司 Energy big data application center system
CN112882964A (en) * 2021-03-04 2021-06-01 中国航空工业集团公司西安航空计算技术研究所 High-capacity and high-safety storage system supporting multiple interfaces

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
INTEGRATED MODULAR AVIONICS: MANAGING THE ALLOCATION OF SHARED INTERSYSTEM RESOURCES;Christopher B. Watkins, Smiths Aerospace LLC, Grand Rapids, MI;《IEEE》;20061231;全文 *
综合模块化航空电子体系结构研究;张风鸣,褚文奎,樊晓光,万明;《电光与控制》;20090930;全文 *
综合航电系统信息安全性设计;王和平;《计算机应用》;20110630;全文 *

Also Published As

Publication number Publication date
CN105530092A (en) 2016-04-27

Similar Documents

Publication Publication Date Title
CN105530092B (en) A kind of IMA processor systems information security management method
WO2020181845A1 (en) Method and device for encrypting blockchain data, computer apparatus, and storage medium
US9503433B2 (en) Method and apparatus for cloud-assisted cryptography
US9609024B2 (en) Method and system for policy based authentication
CN111541725B (en) Block chain all-in-one machine, password acceleration card thereof, and key management method and device
US7095859B2 (en) Managing private keys in a free seating environment
CN106330868A (en) Encrypted storage key management system and method of high-speed network
CN111475827A (en) Private data query method and device based on down-link authorization
CN110061983A (en) A kind of data processing method and system
CN109543434B (en) Block chain information encryption method, decryption method, storage method and device
CN111143870B (en) Distributed encryption storage device, system and encryption and decryption method
CN101800738A (en) Realization system and method for safely visiting and storing intranet data by mobile equipment
CN101515319A (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
CN104484628B (en) It is a kind of that there is the multi-application smart card of encrypting and decrypting
CN104468562A (en) Portable transparent data safety protection terminal oriented to mobile applications
WO2022104860A1 (en) Apparatus and method of lightweight communication protocols between multiple blockchains
CN110519238B (en) Internet of things security system and communication method based on cryptographic technology
CN106992978A (en) Network safety managing method and server
EP2503480A1 (en) Method and devices for secure data access and exchange
CN114697008A (en) Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform
CN109726584A (en) Cloud database key management system
CN114629652A (en) Key management system based on physical uncloneable function and operation method thereof
CN211087341U (en) Information security enhanced intelligent lock
CN108090378A (en) The information encrypted master and controlling mechanism of a kind of IMA storage systems
CN114244509A (en) Method for carrying out SM2 one-time pad bidirectional authentication unlocking by using mobile terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant