CN107888599B - Two-way communication system and method between high-low security network domains of avionics - Google Patents


Publication number
CN107888599B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711147073.3A
Other languages
Chinese (zh)
Other versions
CN107888599A (en)
Inventor
张双
孔德岐
郑涛
李雪源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee
Xian Aeronautics Computing Technique Research Institute of AVIC
Application filed by Xian Aeronautics Computing Technique Research Institute of AVIC
Priority to CN201711147073.3A
Publication of CN107888599A
Application granted
Publication of CN107888599B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

To solve the problem of bidirectional communication between high and low security network domains in an avionics system, the invention provides a bidirectional communication system and method between the high and low security network domains. A module for communicating with low-security-level applications is deployed at the system application layer of a security domain boundary control device, and a module for communicating with high-security-level applications is deployed at the system core layer, so that the high- and low-security-level communication control modules are physically isolated inside the device. The avionics network transmission control module and the avionics network transmission module carry data from the low-security network domain to the high-security network domain; the avionics network receiving module carries data from the high-security network domain to the low-security network domain; and the two data communication streams are physically isolated from each other. This effectively solves the problems of bidirectional communication, security isolation and flow-direction protection between the high-security and low-security network domains in an airborne environment, and realizes bidirectional data communication between the integrated onboard information system for civil airliner maintenance and information services and the avionics network.

Description

Two-way communication system and method between high-low security network domains of avionics
Technical Field
The invention belongs to the technical field of communication, and relates to a two-way communication system and method between high and low security network domains of avionics.
Background
In aviation, the high-safety applications running in the avionics system guarantee the normal operation of the whole aircraft. In a traditional aircraft system architecture, avionics data is transmitted over dedicated buses within a closed airborne environment, which avoids security threats from external information and keeps the avionics data safe. With the widespread application of information technology in civil avionics systems, and in order to provide more, and more convenient, services to aircraft users (such as aircraft operators, pilots and maintenance personnel), an onboard network service system has been introduced. It is composed of lower-security-level platforms connected by an Ethernet network, and low-security-level applications reside and run on it.
The network of the new type of civil aircraft avionics system is divided into a high-security network domain and a low-security network domain. Applications with a higher safety level (safety levels A-C) reside in the high-security network domain, and applications with a lower safety level (safety levels D-E) reside in the low-security network domain. To fulfill the service function requirements, a large amount of data must be exchanged in real time between high-security-level and low-security-level applications. The high-security network domain therefore faces security threats from network information originating in the low-security network domain, which affect the security of the high-security network domain and, in turn, the safety of aircraft operation.
Disclosure of Invention
To solve the problem of bidirectional communication between high and low security network domains in the avionics system, the invention provides a bidirectional communication system and method between the high and low security network domains. The information security of the high and low security networks during bidirectional communication is ensured by physically isolating the communication control modules and by isolating the data communication streams from each other.
The technical scheme of the invention is as follows:
A two-way communication system between high and low security network domains of avionics, characterized in that: the two-way communication system is located in a security domain boundary control device of an onboard information system and includes:
an information network communication agent module 101, located in the system application layer of the security domain boundary control device, which implements the communication agent function for low-security-level applications in the information network, checks and controls messages entering and leaving the security domain boundary control device according to the rules read from the information network communication control table 102, and sends messages that pass the check to the avionics network transmission control module 103 through a unidirectional communication pipeline;
an avionics network transmission control module 103, located in the system core layer of the security domain boundary control device, which checks and controls avionics network transmission according to the check rules read from the avionics transmission control table 104, and sends messages that pass the check to the avionics network transmission module 105;
an avionics network transmission module 105, located in the system core layer of the security domain boundary control device, which implements the avionics network message sending function;
an avionics network receiving module 107, located in the system core layer of the security domain boundary control device, which implements the avionics network message receiving function and sends received network messages to the information network communication agent module 101 through a unidirectional communication pipeline;
and an operation monitoring and log recording module 109, located in the system core layer of the security domain boundary control device, which monitors the operating states of the information network communication agent module 101, the avionics network transmission control module 103, the avionics network transmission module 105 and the avionics network receiving module 107, monitors whether the integrity of the information network communication control table 102 and the avionics transmission control table 104 has been damaged, and records and stores a monitoring log.
Further, the avionics network transmission module 105 encapsulates avionics network communication frames according to the transmission configuration in the avionics transmission configuration table 106 and calls the avionics network end node driver to send messages; the avionics network receiving module 107 calls the avionics network end node driver to receive avionics network communication frames according to the receiving configuration in the avionics reception configuration table 108, parses the communication frames, and then sends network messages to the information network communication agent module 101.
Further, the operation monitoring and log recording module 109 also monitors whether the integrity of the avionics transmission configuration table 106 and the avionics reception configuration table 108 has been damaged, and records and stores a monitoring log.
The invention also provides a two-way communication method between the high and low security network domains of avionics, comprising the following steps:
Step 1: the low-security network domain transmits data to the high-security network domain;
Step 1.1: the information network communication agent module 101 checks the credibility of the data message sent by the external low-security-level application according to the rules in the information network communication control table 102; if the message is credible, the data message is sent to the avionics network transmission control module 103 through a one-way communication pipeline; otherwise, go to step 1.4;
Step 1.2: the avionics network transmission control module 103 checks whether the data message is compliant according to the rules of the avionics transmission control table 104; if the message is compliant, the data message is sent to the avionics network transmission module 105 through a one-way communication pipeline; otherwise, go to step 1.4;
Step 1.3: the avionics network transmission module 105 encapsulates the received data message in the avionics network message format according to the avionics transmission configuration table 106, sends the data message to the high-security-level application through the avionics network, and goes to step 1.5;
Step 1.4: the message is discarded, and the operation monitoring and log recording module 109 is notified to record a log;
Step 1.5: the transmission process ends;
Step 2: the high-security network domain transmits data to the low-security network domain;
Step 2.1: the high-security-level application sends an avionics communication frame to the avionics network receiving module 107 through the avionics network;
Step 2.2: after receiving the avionics communication frame, the avionics network receiving module 107 unpacks the communication frame to obtain the data message in the frame, and checks the compliance of the message according to the avionics reception configuration table 108; if the message is compliant, the data message is sent to the information network communication agent module 101 through a one-way communication pipeline, and the process goes to step 2.3; otherwise, go to step 2.4;
Step 2.3: after receiving the data message, the information network communication agent module 101 sends the data message to the low-security-level application according to the rules in the information network communication control table 102, and then goes to step 2.5;
Step 2.4: the message is discarded, and the operation monitoring and log recording module 109 is notified to record a log;
Step 2.5: the transmission process ends;
Step 3: the operation state monitoring process;
the operation monitoring and log recording module 109 monitors the operating states of the other modules according to a set monitoring period, monitors the integrity of the information network communication control table 102, the avionics transmission control table 104, the avionics transmission configuration table 106 and the avionics reception configuration table 108, and records and stores monitoring logs;
Steps 1 to 3 are performed in parallel.
Further, step 3 is specifically:
Step 3.1: the operation monitoring and log recording module 109 is started;
Step 3.2: the operation monitoring and log recording module 109 checks whether the monitoring period has elapsed; if so, go to step 3.3; otherwise, continue waiting;
Step 3.3: the operation monitoring and log recording module 109 calculates the check code of the information network communication control table 102 using a hash algorithm, and compares it with the pre-recorded check code;
Step 3.4: if the two check codes have the same value, go to step 3.5; otherwise, go to step 3.14;
Step 3.5: the operation monitoring and log recording module 109 calculates the check code of the avionics transmission control table 104 using a hash algorithm, and compares it with the pre-recorded check code;
Step 3.6: if the two check codes have the same value, go to step 3.7; otherwise, go to step 3.14;
Step 3.7: the operation monitoring and log recording module 109 calculates the check code of the avionics transmission configuration table 106 using a hash algorithm, and compares it with the pre-recorded check code;
Step 3.8: if the two check codes have the same value, go to step 3.9; otherwise, go to step 3.14;
Step 3.9: the operation monitoring and log recording module 109 calculates the check code of the avionics reception configuration table 108 using a hash algorithm, and compares it with the pre-recorded check code;
Step 3.10: if the two check codes have the same value, go to step 3.11; otherwise, go to step 3.14;
Step 3.11: the operation monitoring and log recording module 109 checks the operating states of the information network communication agent module 101, the avionics network transmission control module 103, the avionics network transmission module 105 and the avionics network receiving module 107;
Step 3.12: if the operating states of all the modules are normal, go to step 3.13; if the operating state of any module is abnormal, go to step 3.14;
Step 3.13: the monitoring activity log is recorded, and the process goes to step 3.2;
Step 3.14: the fault log is recorded, and the operation of the information network communication agent module 101, the avionics network transmission control module 103, the avionics network transmission module 105 and the avionics network receiving module 107 is terminated.
Further, the hash algorithm in steps 3.3, 3.5, 3.7 and 3.9 is SHA (Secure Hash Algorithm), to ensure the integrity of the information data and enhance resistance to attack.
The invention has the advantages that:
1) The security domain boundary control device is internally divided into a system core layer and a system application layer. The module for communicating with low-security-level applications is deployed in the system application layer, and the modules for communicating with high-security-level applications are deployed in the system core layer, so that the high- and low-security-level communication control modules are physically isolated. The avionics network transmission control module and the avionics network transmission module carry data from the low-security network domain to the high-security network domain; the avionics network receiving module carries data from the high-security network domain to the low-security network domain; and the two data communication streams are physically isolated from each other. This effectively solves the problems of bidirectional communication, security isolation and flow-direction protection between the high-security and low-security network domains in an airborne environment, and realizes bidirectional data communication between the integrated onboard information system for civil airliner maintenance and information services and the avionics network.
2) The invention pairs the information network communication control table, the avionics transmission control table and the avionics transmission configuration table with the information network communication agent module, the avionics network transmission control module and the avionics network transmission module respectively, which gives 3 levels of security control on the communication flow from the low to the high security level. The avionics reception configuration table and the information network communication control table are paired with the avionics network receiving module and the information network communication agent module respectively, which gives 2 levels of security control on the communication flow from the high to the low security level. The low-to-high and high-to-low security controls run in parallel, so that communication is controlled hierarchically without sacrificing operating efficiency.
3) The invention uses the operation monitoring and log recording module to periodically check, in real time, the integrity of the information network communication control table, the avionics transmission configuration table and the avionics reception configuration table, so that the security status of key operating data is detected in time and the operational security of the system is strengthened.
Drawings
Fig. 1 is an overall architecture of the bi-directional communication system of the present invention.
Fig. 2 is a data flow model of the present invention from a low security network domain to a high security network domain.
Figure 3 is a data flow model of the present invention for a high security network domain flowing to a low security network domain.
Fig. 4 illustrates a data transmission process from a low security network domain to a high security network domain in accordance with the present invention.
Fig. 5 is a data transmission process from a high security network domain to a low security network domain in accordance with the present invention.
Fig. 6 is a process of monitoring the operation state of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
System architecture composition
The architecture of the bidirectional communication system of the present invention is shown in fig. 1. All functional modules are arranged in the security domain boundary control device, and comprise:
(1) Information network communication agent module 101: located in the system application layer of the security domain boundary control device. It performs the communication agent function for low-security-level applications in the information network, reads rules from the information network communication control table 102, and checks and controls the messages entering and leaving the security domain boundary control device. When sending, it passes messages that pass the check to the avionics network transmission control module 103; when receiving, it receives messages from the avionics network receiving module 107.
(2) Information network communication control table 102: located in the system application layer of the security domain boundary control device. A storage area is allocated in system application layer memory to store the information network communication control rules, which are read by the information network communication agent module 101. The table is established when the communication system is initialized, and writing to or modifying it is prohibited during operation, to enhance security at run time.
(3) Avionics network transmission control module 103: located in the system core layer of the security domain boundary control device. It performs the avionics network transmission check and control, reads its check rules from the avionics transmission control table 104, and sends messages that pass the check to the avionics network transmission module 105.
(4) Avionics transmission control table 104: located in the system core layer of the security domain boundary control device. A storage area is allocated in system core layer memory to store the avionics network transmission control rules, which are read by the avionics network transmission control module 103. The table is established when the communication system is initialized, and writing to or modifying it is prohibited during operation.
(5) Avionics network transmission module 105: located in the system core layer of the security domain boundary control device. It performs the avionics network message sending function: it encapsulates avionics network communication frames according to the transmission configuration in the avionics transmission configuration table 106 and calls the avionics network end node driver to send messages.
(6) Avionics transmission configuration table 106: located in the system core layer of the security domain boundary control device. A storage area is allocated in system core layer memory to store the avionics network transmission configuration information, which is read by the avionics network transmission module 105. The table is established when the communication system is initialized, and writing to or modifying it is prohibited during operation.
(7) Avionics network receiving module 107: located in the system core layer of the security domain boundary control device. It performs the avionics network communication frame receiving function: it calls the avionics network end node driver to receive avionics network communication frames according to the receiving configuration in the avionics network receiving module 107, parses the communication frames, and then sends messages to the information network communication agent module 101.
(8) Avionics reception configuration table 108: located in the system core layer of the security domain boundary control device. A storage area is allocated in system core layer memory to store the avionics network reception configuration information, which is read by the avionics network receiving module 107. The table is established when the communication system is initialized, and writing to or modifying it is prohibited during operation.
(9) Operation monitoring and log recording module 109: located in the system core layer of the security domain boundary control device. During operation it monitors the operating states of the information network communication agent module 101, the avionics network transmission control module 103, the avionics network transmission module 105 and the avionics network receiving module 107, monitors whether the integrity of the information network communication control table 102, the avionics transmission control table 104, the avionics transmission configuration table 106 and the avionics reception configuration table 108 has been damaged, and records and stores a monitoring log.
All the modules can be realized by adopting the existing units.
Data flow model
The invention controls the communication flow directions separately by isolating the data flows; the data flow model is shown in fig. 2 and fig. 3.
(1) Referring to fig. 2, the data flow model from the low-security network domain to the high-security network domain is as follows:
Step 1: after receiving a data message, the information network communication agent module checks whether the data message is credible according to the rules read from the information network communication control table, and sends a response message to the low-security-level application.
Step 2: the information network communication agent module sends the data message to the avionics network transmission control module through a one-way communication pipeline.
Step 3: after receiving the data message, the avionics network transmission control module checks the compliance of the data message according to the check rules read from the avionics transmission control table, and sends compliant data messages to the avionics network transmission module through a one-way communication pipeline.
Step 4: after receiving the data message, the avionics network transmission module encapsulates it into an avionics network communication frame according to the transmission configuration information read from the avionics transmission configuration table, and sends the frame to the high-security-level application in the high-security network domain through the corresponding avionics network port.
(2) Referring to fig. 3, the data flow model from the high-security network domain to the low-security network domain is as follows:
Step 1: the high-security-level application in the high-security network domain sends a communication frame to the security domain boundary control device through the avionics network, and the avionics network receiving module receives the communication frame according to the receiving configuration information read from the avionics reception configuration table.
Step 2: the avionics network receiving module unpacks the avionics network communication frame and sends its contents to the information network communication agent module through a one-way communication pipeline.
Step 3: after receiving the avionics data, the information network communication agent module sends the avionics data to a low-security-level application in the low-security network domain according to the control rules read from the information network communication control table.
Operation process
The operation of the invention is divided into 3 parts that run in parallel: the data transmission process from the low-security network domain to the high-security network domain, the data transmission process from the high-security network domain to the low-security network domain, and the operation monitoring process.
(1) Data transmission process from the low-security network domain to the high-security network domain, see fig. 4:
Step 1: the low-security-level application sends a data message to the information network communication agent module through the information network;
Step 2: the information network communication agent module checks the credibility of the data message according to the rules in the information network communication control table;
Step 3: if the message is credible, go to step 4; otherwise, go to step 9;
Step 4: the information network communication agent module sends the data message to the avionics network transmission control module through a one-way communication pipeline;
Step 5: after receiving the data message, the avionics network transmission control module checks the compliance of the message according to the rules of the avionics transmission control table;
Step 6: if the message is compliant, go to step 7; otherwise, go to step 9;
Step 7: the avionics network transmission control module sends the data message to the avionics network transmission module through a one-way communication pipeline;
Step 8: the avionics network transmission module encapsulates the received data message in the avionics network message format according to the transmission configuration information in the avionics transmission configuration table, sends the data message to the high-security-level application through the avionics network, and goes to step 10;
Step 9: the message is discarded, and the operation monitoring and log recording module is notified to record a log;
Step 10: the transmission process ends.
(2) Data transmission process from the high-security network domain to the low-security network domain, see fig. 5:
Step 1: the high-security-level application sends an avionics communication frame to the avionics network receiving module through the avionics network;
Step 2: after receiving the avionics communication frame, the avionics network receiving module unpacks the communication frame to obtain the data message in the frame, and checks the compliance of the data message according to the receiving configuration information in the avionics reception configuration table;
Step 3: if the message is compliant, go to step 4; otherwise, go to step 6;
Step 4: the avionics network receiving module sends the data message to the information network communication agent module through a one-way communication pipeline;
Step 5: after receiving the data message, the information network communication agent module sends the data message to the low-security-level application according to the control rules in the information network communication control table;
Step 6: the message is discarded, and the operation monitoring and log recording module is notified to record a log;
Step 7: the transmission process ends.
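The two transmission processes above (and the data flow model of fig. 2 and fig. 3), as an added Python sketch that is not part of the patent: three checks on the low-to-high path, two on the high-to-low path, with every failure discarded and logged. The table contents, message fields, frame layout, and the discard branches at modules 105 and 101 are constructed assumptions; the patent does not specify them.

```python
import struct
from collections import deque
from dataclasses import dataclass
from types import MappingProxyType


@dataclass(frozen=True)
class Message:
    source: str     # hypothetical field: identity of the low-security application
    msg_id: int     # hypothetical field: message type
    payload: bytes


# Tables are built once and exposed read-only, mirroring "established at
# initialization, writing prohibited during operation". Contents are constructed.
TABLE_102 = MappingProxyType({"trusted": frozenset({"maint-app"}),
                              "routes": MappingProxyType({0x20: "maint-app"})})
TABLE_104 = MappingProxyType({0x10: 64})              # msg_id -> max payload length
TABLE_106 = MappingProxyType({0x10: 3})               # msg_id -> avionics TX port
TABLE_108 = MappingProxyType({7: frozenset({0x20})})  # RX port -> accepted msg_ids

HEADER = struct.Struct(">BBH")  # constructed frame layout: port, msg_id, payload length


def pack_frame(port, msg_id, payload):
    return HEADER.pack(port, msg_id, len(payload)) + payload


class OneWayPipe:
    """FIFO with a single direction: send() on one side, recv() on the other."""
    def __init__(self):
        q = deque()
        self.send = q.append
        self.recv = q.popleft


class BoundaryGateway:
    def __init__(self):
        self.log = []           # (module, reason) records kept by module 109
        self.avionics_out = []  # frames handed to the avionics end-node driver
        self.low_out = []       # (application, payload) delivered to the low domain
        self.p_101_103, self.p_103_105, self.p_107_101 = (OneWayPipe() for _ in range(3))

    def _discard(self, module, reason):
        self.log.append((module, reason))  # "discard the message and record a log"
        return False

    def low_to_high(self, msg):
        # Module 101 (application layer): credibility check against table 102.
        if msg.source not in TABLE_102["trusted"]:
            return self._discard("101", "untrusted source")
        self.p_101_103.send(msg)
        # Module 103 (core layer): compliance check against table 104.
        msg = self.p_101_103.recv()
        limit = TABLE_104.get(msg.msg_id)
        if limit is None or len(msg.payload) > limit:
            return self._discard("103", "non-compliant message")
        self.p_103_105.send(msg)
        # Module 105: encapsulate per table 106 and transmit.
        msg = self.p_103_105.recv()
        port = TABLE_106.get(msg.msg_id)
        if port is None:  # assumption: the patent defines no failure branch here
            return self._discard("105", "no transmission configuration")
        self.avionics_out.append(pack_frame(port, msg.msg_id, msg.payload))
        return True

    def high_to_low(self, frame):
        # Module 107: unpack the frame and check it against table 108.
        if len(frame) < HEADER.size:
            return self._discard("107", "truncated frame")
        port, msg_id, length = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if length != len(payload) or msg_id not in TABLE_108.get(port, ()):
            return self._discard("107", "non-compliant frame")
        self.p_107_101.send((msg_id, payload))
        # Module 101: deliver according to the rules in table 102.
        msg_id, payload = self.p_107_101.recv()
        dest = TABLE_102["routes"].get(msg_id)
        if dest is None:  # assumption: the patent defines no failure branch here
            return self._discard("101", "no delivery rule")
        self.low_out.append((dest, payload))
        return True
```

A message from a trusted source can still be dropped at module 103, and the two directions never share a pipe, which is the flow-direction separation the description relies on.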
(3) The operation state monitoring process, see fig. 6:
step 1, starting an operation monitoring and log recording module;
step 2, the operation monitoring and log recording module checks whether the monitoring period time is up, if so, the step 3 is carried out, otherwise, the operation monitoring and log recording module continues to wait;
step 3, the operation monitoring and log recording module adopts a hash algorithm (SHA or MD5 can be selected) to calculate the check code of the information network communication control table, and then the check code is compared with the check code recorded in advance;
step 4, if the two check codes have the same numerical value, the step 5 is carried out, otherwise, the step 14 is carried out;
step 5, the operation monitoring and log recording module adopts a hash algorithm (SHA or MD5 can be selected) to calculate a check code of the avionics transmission control table, and then the check code is compared with a pre-recorded check code;
step 6, if the two check codes have the same numerical value, the step 7 is carried out, otherwise, the step 14 is carried out;
step 7, the operation monitoring and log recording module adopts a hash algorithm (SHA or MD5 can be selected) to calculate a check code of the avionics transmission configuration table, and then the check code is compared with a pre-recorded check code;
step 8, if the two check codes have the same numerical value, the step 9 is carried out, otherwise, the step 14 is carried out;
step 9, the operation monitoring and log recording module adopts a hash algorithm (SHA or MD5 can be selected) to calculate a check code of the avionics receiving configuration table, and then the check code is compared with a pre-recorded check code;
step 10, if the two check codes have the same numerical value, the step 11 is carried out, otherwise, the step 14 is carried out;
step 11, the operation monitoring and log recording module checks the operation states of the information network communication agent module, the avionic network sending control module, the avionic network sending module and the avionic network receiving module;
step 12, if the running states of all modules are normal, turning to step 13, and if the running state of any module is abnormal, turning to step 14;
step 13, recording the monitoring activity log, and turning to step 2;
and step 14, recording the fault log, and terminating the operation of the information network communication agent module, the avionic network sending control module, the avionic network sending module and the avionic network receiving module.
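One monitoring period of process (3), steps 3 to 14, as an added example that is not code from the patent. Table and module names follow the text; the table contents, the "normal" and "terminated" state values and the choice of SHA-256 as the SHA variant are assumptions of this example.

```python
import hashlib
import hmac

# Names follow the page; table contents and the "normal" state value are constructed.
TABLES = (
    "information network communication control table",
    "avionics transmission control table",
    "avionics transmission configuration table",
    "avionics receiving configuration table",
)
MODULES = (
    "information network communication agent module",
    "avionic network sending control module",
    "avionic network sending module",
    "avionic network receiving module",
)


def check_code(table_bytes):
    """Check code of one table. SHA-256 is this example's choice of SHA variant."""
    return hashlib.sha256(table_bytes).hexdigest()


def record_baseline(tables):
    """Pre-record the check codes while the tables are known to be good."""
    return {name: check_code(tables[name]) for name in TABLES}


def fail(reason, module_state, log):
    """Step 14: record the fault log, then terminate all four modules."""
    log.append(("fault", reason))
    for module in MODULES:
        module_state[module] = "terminated"
    return False


def monitor_cycle(tables, baseline, module_state, log):
    """Steps 3 to 14 for one period. True means wait for the next period."""
    for name in TABLES:  # steps 3-10: tables are checked in the page's order
        current = check_code(tables.get(name, b""))  # a missing table hashes as empty
        if not hmac.compare_digest(current, baseline[name]):
            return fail("check code mismatch: " + name, module_state, log)
    for module in MODULES:  # steps 11-12
        if module_state.get(module) != "normal":
            return fail("abnormal state: " + module, module_state, log)
    log.append(("activity", "tables and modules verified"))  # step 13
    return True


if __name__ == "__main__":
    tables = {name: ("rules for " + name).encode() for name in TABLES}
    baseline = record_baseline(tables)
    state = {module: "normal" for module in MODULES}
    log = []
    print(monitor_cycle(tables, baseline, state, log))  # untouched tables
    tables[TABLES[1]] += b"\npermit all"                 # constructed tampering
    print(monitor_cycle(tables, baseline, state, log), log[-1])
```

The pre-recorded check codes need to live where whoever can write the tables cannot also rewrite them; a baseline stored beside the tables catches corruption but not deliberate modification.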

Claims (5)

1. A two-way communication system between high and low security network domains of an avionics system, in a security domain boundary control device of an airborne information system, said two-way communication system comprising:
the information network communication agent module (101) is positioned at a system application layer of the security domain boundary control device and is used for realizing the low-security level application communication agent function in the information network, checking and controlling the information entering and exiting the security domain boundary control device according to the rule read from the information network communication control table (102), and sending the checked information to the avionic network sending control module (103) through a one-way communication pipeline;
the avionic network transmission control module (103) is positioned in a system core layer of the security domain boundary control device, realizes the avionic network transmission check and control according to the check rule read from the avionic transmission control table (104), and transmits the checked message to the avionic network transmission module (105);
the avionic network sending module (105) is positioned in a system core layer of the security domain boundary control device, packages an avionic network communication frame according to sending configuration in the avionic sending configuration table (106), and calls an avionic network end node driver to send a message;
the avionic network receiving module (107) is positioned in a system core layer of the security domain boundary control device, calls an avionic network end node driver to receive an avionic network communication frame according to receiving configuration in the avionic receiving configuration table (108), analyzes the communication frame and then sends a network message to the information network communication agent module (101);
and the operation monitoring and log recording module (109) is positioned in a system core layer of the security domain boundary control device and is used for monitoring the operation states of the information network communication agent module (101), the avionic network transmission control module (103), the avionic network transmission module (105) and the avionic network receiving module (107), monitoring whether the integrity of the information network communication control table (102) and the avionic network transmission control table (104) is damaged or not and simultaneously recording and storing a monitoring log.
2. The two-way communication system between avionics high and low security networks according to claim 1, characterized in that:
the operation monitoring and logging module (109) is also used for monitoring whether the integrity of the avionics sending configuration table (106) and the avionics receiving configuration table (108) is damaged or not, and simultaneously recording and storing a monitoring log.
3. A method for two-way communication between high and low security network domains of avionics, characterized by comprising the following steps:
step 1: the low security network domain transmits data to the high security network domain;
step 1.1: the information network communication agent module (101) checks the credibility of the data message sent by the external low-security level application according to the rule in the information network communication control table (102), if the message is credible, the data message is sent to the avionic network sending control module (103) through a one-way communication pipeline, and if not, the step 1.4 is carried out;
step 1.2, the avionics network transmission control module (103) checks whether the data message is in compliance according to the rule of the avionics transmission control table (104), if the message is in compliance, the data message is transmitted to the avionics network transmission module (105) through a one-way communication pipeline, and if not, the step 1.4 is carried out;
step 1.3: the avionic network sending module (105) packages the received data message in the avionic network message format according to the avionic sending configuration table (106), sends the data message to the high-security-level application through the avionic network, and then turns to the step 1.5;
step 1.4: discarding the message, and informing the operation monitoring and log recording module (109) to record the log;
step 1.5: ending the transmission process;
step 2: the high-security network domain transmits data to the low-security network domain;
step 2.1: the high-security-level application sends the avionic communication frame to an avionic network receiving module (107) through an avionic network;
step 2.2: after receiving the avionic communication frame, the avionic network receiving module (107) unpacks the communication frame to obtain a data message in the frame, and checks the compliance of the message according to an avionic receiving configuration table (108); if the message is in compliance, sending the data message to an information network communication agent module (101) through a one-way communication pipeline, and turning to the step 2.3; otherwise, turning to step 2.4;
step 2.3: after receiving the data message, the information network communication agent module (101) sends the data message to the low-security level application according to the rule in the information network communication control table (102), and the step 2.5 is carried out;
step 2.4: discarding the message, and informing the operation monitoring and log recording module (109) to record the log;
step 2.5: ending the transmission process;
step 3, running a state monitoring process;
the operation monitoring and log recording module (109) monitors the operation states of other modules according to a set monitoring period, monitors the integrity of the information network communication control table (102), the avionic transmission control table (104), the avionic transmission configuration table (106) and the avionic reception configuration table (108), and records and stores monitoring logs;
the steps 1 to 3 are performed in parallel.
4. The method according to claim 3, wherein step 3 is specifically:
step 3.1, starting an operation monitoring and log recording module (109);
step 3.2, the operation monitoring and log recording module (109) checks whether the monitoring cycle time is up, if so, the step 3.3 is carried out, otherwise, the waiting is continued;
step 3.3, the operation monitoring and log recording module (109) adopts a hash algorithm to calculate the check code of the information network communication control table (102), and then the check code is compared with the check code recorded in advance;
step 3.4, if the numerical values of the two check codes are the same, the step 3.5 is carried out, otherwise, the step 3.14 is carried out;
step 3.5, the operation monitoring and log recording module (109) adopts a hash algorithm to calculate a check code of the avionic transmission control table (104), and then the check code is compared with a pre-recorded check code;
step 3.6, if the numerical values of the two check codes are the same, the step 3.7 is carried out, otherwise, the step 3.14 is carried out;
step 3.7, the operation monitoring and log recording module (109) adopts a hash algorithm to calculate a check code of the avionics transmission configuration table (106), and then the check code is compared with a pre-recorded check code;
step 3.8, if the numerical values of the two check codes are the same, turning to the step 3.9, otherwise, turning to the step 3.14;
step 3.9, the operation monitoring and log recording module (109) adopts a hash algorithm to calculate a check code of the avionics receiving configuration table (108), and then the check code is compared with a pre-recorded check code;
step 3.10, if the numerical values of the two check codes are the same, turning to the step 3.11, otherwise, turning to the step 3.14;
step 3.11, the operation monitoring and log recording module (109) checks the operation states of the information network communication agent module (101), the avionic network transmission control module (103), the avionic network transmission module (105) and the avionic network receiving module (107);
step 3.12, if the running states of all the modules are normal, the step 3.13 is carried out, and if the running state of any module is abnormal, the step 3.14 is carried out;
step 3.13, recording the monitoring activity log, and turning to step 3.2;
and step 3.14, recording the fault log, and terminating the operation of the information network communication agent module (101), the avionic network transmission control module (103), the avionic network transmission module (105) and the avionic network receiving module (107).
5. The method according to claim 4, wherein the hash algorithm in step 3.3, step 3.5, step 3.7 and step 3.9 is SHA.
CN201711147073.3A 2017-11-17 2017-11-17 Two-way communication system and method between high-low security network domains of avionics Active CN107888599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711147073.3A CN107888599B (en) 2017-11-17 2017-11-17 Two-way communication system and method between high-low security network domains of avionics

Publications (2)

Publication Number Publication Date
CN107888599A CN107888599A (en) 2018-04-06
CN107888599B CN107888599B (en) 2020-10-27

Family

ID=61777247

Country Status (1)

Country Link
CN (1) CN107888599B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant